Hacker News new | past | comments | ask | show | jobs | submit login

Indeed, replacing this with the list of top 100 passwords would be much more effective.



Or, alternatively, switching to the haveibeenpwned API[1] or zxcvbn[2].

[1]: https://haveibeenpwned.com/API/v2 [2]: https://github.com/dropbox/zxcvbn


It seems to do that too (comparing against a list of the top 500 passwords):

https://github.com/bdmac/strong_password/blob/master/lib/str...


A long time ago I made a gem that does pretty much this: https://github.com/senorprogrammer/pil

If you want this functionality, I recommend not using it as-is, given the security vuln GitHub is currently reporting. Rather, anyone has my permission to copy the code verbatim into your project. It's a pretty simple gem.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: