[keycloak-dev] Blacklist Password Policy
Thomas Darimont
thomas.darimont at googlemail.com
Fri Jul 28 11:48:05 EDT 2017
Hello,
I built a configurable Password Policy that allows matching a given
password against a blacklist with easy to guess passwords that should not be
allowed as user passwords.
The 'BlacklistPasswordPolicyProvider' can be configured via the admin UI
with a ";" delimited list of easy to guess passwords.
If the user or admin wants to change the password, it is checked against
the blacklist.
A password list can be found here:
https://github.com/danielmiessler/SecLists/tree/master/Passwords
A blacklist is of course not a perfect solution but could still be useful
for some users.
The password blacklist would be compiled to a trie at startup (and on changes
of the blacklist) for efficient lookups.
WDYT?
Cheers,
Thomas
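
The trie lookup proposed in the message above, as an added example that is not part of the original post and not Keycloak's provider code. The class name `PasswordBlacklistTrie` and its methods are hypothetical, exact case-sensitive matching is an assumption, and the sample list is constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Stand-alone illustration (hypothetical class, plain JDK only).
public class PasswordBlacklistTrie {
    private static final class Node {
        final Map<Character, Node> children = new HashMap<>();
        boolean terminal; // true if a blacklisted password ends at this node
    }

    // Swapped as a whole on configuration changes, so lookups never see a half-built trie.
    private volatile Node root = new Node();

    /** Rebuilds the trie from the ";"-delimited value (at startup and on every change). */
    public void configure(String delimitedList) {
        Node newRoot = new Node();
        if (delimitedList != null) {
            for (String entry : delimitedList.split(";")) {
                if (entry.isEmpty()) continue; // "a;;b" must not blacklist the empty string
                Node node = newRoot;
                for (char c : entry.toCharArray()) {
                    node = node.children.computeIfAbsent(c, k -> new Node());
                }
                node.terminal = true;
            }
        }
        root = newRoot;
    }

    /** Exact-match lookup; cost depends on the candidate's length, not the list size. */
    public boolean isBlacklisted(String candidate) {
        if (candidate == null) return false;
        Node node = root;
        for (char c : candidate.toCharArray()) {
            node = node.children.get(c);
            if (node == null) return false; // diverges from every listed password
        }
        return node.terminal; // a mere prefix of a listed password is not a match
    }

    public static void main(String[] args) {
        PasswordBlacklistTrie blacklist = new PasswordBlacklistTrie();
        blacklist.configure("123456;password;qwerty;;letmein"); // constructed sample list
        System.out.println("password  -> " + blacklist.isBlacklisted("password"));
        System.out.println("pass      -> " + blacklist.isBlacklisted("pass"));
        System.out.println("password1 -> " + blacklist.isBlacklisted("password1"));
    }
}
```

With a ";" delimiter, a password that itself contains ";" cannot be expressed as a single entry, and exact matching does not catch trivial variants such as an appended digit.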