COmanage / CO-1501

Add Dictionary Checks to PasswordAuthenticator


    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: COmanage Registry 3.1.0 (Hidden Gem)
    • Fix Version/s: COmanage Registry Future
    • Component/s: Registry Plugins
    • Labels:
      None

      Description

      Should be compliant with NIST 800-63B §5.1.1.2, i.e.:

      When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include, but is not limited to:

      • Passwords obtained from previous breach corpuses.
      • Dictionary words.
      • Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
      • Context-specific words, such as the name of the service, the username, and derivatives thereof.
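
An added illustration (not part of the ticket and not COmanage code) of the four list categories quoted above, combined into one check. The function names, the constructed sample lists and the run-length threshold are assumptions.

```python
import re
import string

# Constructed sample lists (assumption): a deployment would load a real
# breach corpus and dictionary instead.
BREACHED = {"password", "123456", "qwerty", "letmein"}
DICTIONARY = {"sunshine", "dragon", "welcome"}
LEET = str.maketrans("@4301!$57", "aaeoiisst")
SUFFIX = string.digits + string.punctuation

def normalize(s):
    """Lowercase and undo common character substitutions."""
    return s.lower().translate(LEET)

def longest_run(s):
    """Length of the longest run whose code points step by a constant -1, 0 or +1."""
    best = run = 1 if s else 0
    step = None
    for prev, cur in zip(s, s[1:]):
        d = ord(cur) - ord(prev)
        if d in (-1, 0, 1) and d == step:
            run += 1
        elif d in (-1, 0, 1):
            step, run = d, 2
        else:
            step, run = None, 1
        best = max(best, run)
    return best

def check_secret(secret, context_words):
    """Return the list of reasons to reject `secret` (empty if acceptable)."""
    low = secret.lower()
    # Compare the raw form, the de-substituted form, and the form with
    # trailing digits/punctuation removed ("Sunshine2024!" -> "sunshine").
    forms = {low, normalize(low), normalize(low.rstrip(SUFFIX))}
    reasons = []
    if forms & BREACHED:
        reasons.append("breached")
    if forms & DICTIONARY:
        reasons.append("dictionary")
    # Threshold is an assumption: a run covering at least half the secret.
    if longest_run(low) >= max(4, len(low) / 2):
        reasons.append("sequence")
    # Derivatives of the username / service name: split into tokens first,
    # so "alice.smith@example.org" yields alice, smith, example.
    tokens = {normalize(t) for w in context_words
              for t in re.split(r"[^a-z0-9]+", w.lower()) if len(t) >= 4}
    if any(t in normalize(low) for t in tokens):
        reasons.append("context")
    return reasons
```
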


              People

              Assignee:
              benn.oshrin@at.internet2.edu Benn Oshrin
              Reporter:
              benn.oshrin@at.internet2.edu Benn Oshrin
