Jump to content

Option to Notify on Known Bad Passwords, but not Block


BHillebrand

Recommended Posts

Summary of Use case:
MSP client insists on utilising a known Bad password, is unwilling/unable to change the password for operational reasons, but the password still requires documentation in Passwordstate by the MSP.

Current Outcome:
The only option in this scenario is to disable Bad passwords detection entirely for the whole password list, and this is a sub-optimal outcome that prevents us deriving any security benefit from the feature.

Requested Feature:
Short of blocking bad passwords, we'd like to be able to benefit from the Bad passwords feature by:
* Having an option added for a Passwordstate user to notified when a Bad password is entered, but still allowing the user to save the password entry anyway. (IE: Choice to Block OR Notify)

 

Link to comment
Share on other sites

+1

 

Also: I'd rather have the current - bad - password stored in PasswordState (so that its quality and replacement can be monitored) than having it stored somewhere outside PasswordState. So, first securely store the bad password and then replace it by a good one (which can not always be done immediately).

Link to comment
Share on other sites

  • 2 weeks later...
On 2/16/2023 at 2:32 PM, Dave Bennie said:

Potential workaround I have delpoyed for sites we cannot control passwords for is a dedicated list,  that allows poor passwords. This list requires reasons for the password being poor etc.

 

Yeah, that's what we're having to do, but it's a messy workaround to resort to.

Mostly because it either results in a proliferation of lists (IE: Good password list and Bad password list for customers that want to use bad passwords on their sites) or we have one customer list and just disable the feature fully, which isn't great because our comfort with bad credentials used in an MFC pin code might not extend to other types of credentials etc.

Link to comment
Share on other sites

  • 1 year later...
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...