mirror of
https://github.com/Findus23/plugin-PasswordVerifier.git
synced 2024-09-19 16:03:47 +02:00
14 lines
924 B
Markdown
14 lines
924 B
Markdown
# Matomo PasswordVerifier Plugin
|
|
|
|
[![Translation status](https://hosted.weblate.org/widgets/matomo/-/communityplugin-passwordverifier/svg-badge.svg)](https://hosted.weblate.org/projects/matomo/communityplugin-passwordverifier/)
|
|
|
|
|
|
## Description
|
|
|
|
This plugin sends the first 5 characters of the SHA1 hash of the password to the [haveibeenpwned.com database](https://haveibeenpwned.com/Passwords) of over 500 million passwords exposed in data breaches. If the password is found, Matomo rejects it and asks the user to use a more secure password.
|
|
|
|
This plugin only acts on passwords changes and can't access existing passwords as they are stored securely hashed by Matomo.
|
|
|
|
### Disclaimer
|
|
|
|
**Attention**: This is a beta plugin. Please don't use it in security critical environments without checking the correctness of [the source](https://github.com/Findus23/plugin-PasswordVerifier/blob/master/PasswordVerifier.php) yourself.
|