A higher ed info sec team asked if we follow the NIST SP 800-53 IA-5(1) recommendation that when users create accounts, their proposed password is checked against a list of commonly used or bad passwords. The idea is that the application should keep such a list without going to the cloud to get it and if a user tries to use one of these passwords, they’re prompted to try again.
Anyone got any ideas on how to do this?
Hi there,
I’d recommend using a plugin for this. I haven’t used any of these but ibdid a quick search and this one popped up:
This topic was automatically closed after 70 days. New replies are no longer allowed.