Password Banned List

[MadHatter]

I've made a module for checking a password against a banned list. The list comes from the 10,000 most common password list and when input will produce an error informing the user that their password is in the list and a more secure password should be used. The module was based on a question I asked in the development section (over here).

The banned list is found in the module as banned.list so passwords can be added/removed as required.

The module should be in the Modules section once it has been approved.

PasswordBannedList.zip

[ryan]

MadHatter, thanks for your submission to the modules directory. This seems like a very good and useful module so thanks for making it. In reviewing the module, I had one suggestion/request: Because this is an autoload module, and because your $this->bad array gets populated from your init(), your bad passwords file gets loaded into memory on every request. That's ~73 kb worth of bad passwords that are loaded every time ProcessWire runs, which is a significant amount of memory. Because your bad password list is only needed at certain times (i.e. after InputfieldPassword::processInput), I wanted to suggest moving the population of $this->bad from your init() method to your checkPass() method. Or maybe you don't even need to bother with having a $this->bad array, and could keep it all localized to your checkPass method, as InputfieldPassword::processInput is not likely to be called more than once in a request anyway (i.e. no need to cache it). 

[MadHatter]

Hi Ryan,

Thanks for the information, I'll update the module in GitHub when I get the chance (switching computers at work today). Do I need to do anything special to update the Module listing (such as version number)?

[ryan]

Actually you don't need to do anything other than update your GitHub. The modules directory will pick up the new version automatically. However, it keeps a cache from GitHub so it may take up to half a day before it sees the changes. So if you don't want to wait for it you can always edit your module listing manually too.

[MadHatter]

Excellent. I updated the version number in the module too, hopefully this will be reflected on the modules page once it's been approved.

[MadHatter]

Password Banned List has been updated, you can now add your own banned.list file to site/assets/PasswordBannedList/ dirctory. Each password should be written on a separate line, and this won't get overwritten when the module is updated.