Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for clarificaiton why pass audit is detecting a Weak Password (dictionary) #30

Open
andrewklajman opened this issue Jun 27, 2023 · 1 comment
Open

Request for clarificaiton why pass audit is detecting a Weak Password (dictionary) #30

andrewklajman opened this issue Jun 27, 2023 · 1 comment

Comments

@andrewklajman
Copy link

Hi @roddhjav ,

I wanted to say that pass audit is a great extension to pass.

Im not sure if you review these issues or if this is even an appropriate question but i thought I would ask anyway.

I ran pass audit and found a few of my passwords are raised as a Weak password (dictionary). An example is the one below (this is from a defuct account).
w Weak password detected: rxed5Q^$J2Sq from Games/EveOnline might be weak. Score 0 (461 guesses). This estimate is based on the sequence rxed5Q^$J2Sq(dictionary)

I understand that pass audit is just passing the password to hibp to evaluate it. But when I go to the hibp web portal, to the passwords section and check the password rxed5Q^$J2Sq its says 'no pwnage found'

Im not sure if I am missing something or if you can explain this difference?

Thanks
@roddhjav
Copy link
Owner

Password are checked against hibp and zxcvbn. This detection is due to zxcvbn not hibp.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewklajman @roddhjav