You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the constraint will reject any password found at least once on pwnedpasswords.com. While this is indeed the safest behavior (and so a sensible default), it means blocking half a billion passwords currently.
The blog post announcing the launch of the v2 (which is used here) recognizes this usability nightmare, and explains that this is the reason why a count is provided for each password: https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#eachpasswordnowhasacountnexttoit
I would be great to allow configuring the threshold at which passwords should be blocked (the existing behavior corresponds to threshold=1)
The text was updated successfully, but these errors were encountered:
Currently, the constraint will reject any password found at least once on pwnedpasswords.com. While this is indeed the safest behavior (and so a sensible default), it means blocking half a billion passwords currently.
The blog post announcing the launch of the v2 (which is used here) recognizes this usability nightmare, and explains that this is the reason why a count is provided for each password: https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#eachpasswordnowhasacountnexttoit
I would be great to allow configuring the threshold at which passwords should be blocked (the existing behavior corresponds to
threshold=1
)The text was updated successfully, but these errors were encountered: