[keycloak-dev] Blacklist Password Policy
bburke at redhat.com
Fri Jul 28 16:03:12 EDT 2017
Yah, that sounds cool.
On 7/28/17 11:48 AM, Thomas Darimont wrote:
> I build a configurable Password Policy that allows to match a given
> password against
> a blacklist with easy to guess passwords that should be not allowed as user
> The 'BlacklistPasswordPolicyProvider' can be configured via the admin UI
> with a ";" delimited list of easy to guess passwords.
> If the user / or admin want's to change the password it is checked against
> the blacklist.
> A password list can be found here:
> A blacklist is of course not a perfect solution but could still be useful
> for some users.
> Password blacklist would be compiled to a trie at startup (and on changes
> of the blacklist)
> for efficient lookups.
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
More information about the keycloak-dev