Better Passwords
Stop use of a bad passwords, including those in the Have I Been Pwned? breached password database
Overview
Compatibility
Customer support & learning resources
Main benefits
Minimum 10-character passwords
Checks against breached passwords
Partial hash for privacy
Upgrades hashing algorithm
About this plugin
Author: bettersecurity
Categories: Security
Version: 1.8
Last updated: 23-05-2022
WordPress version: 4.0
Tested up to: 6.0.9
PHP version required: 7.0
Languages:
Tags:
Learning resources: View resources
Overview
This WordPress plugin enhances security by setting a default minimum password length of 10 characters, ensuring passwords are sufficiently complex to deter guessing attempts. Unlike other security measures, it focuses solely on length without imposing any complexity rules such as the inclusion of digits or special characters. The plugin leverages Troy Hunt's Pwned Passwords API to check passwords against a database of breached passwords, enhancing user protection without compromising privacy, as only a partial hash of the password is sent for verification. Additionally, it upgrades the hashing algorithm used for storing passwords in the database to a secure one-way hash created using Bcrypt or Argon2, providing an extra layer of encryption and security for user data.
Ensures Strong Password Length
- Sets a default minimum password length of 10 characters.
- Focuses on length as the primary factor for password strength.
- Avoids complexity rules, making it user-friendly.
Checks Against Breached Passwords
- Uses Troy Hunt’s Pwned Passwords API.
- Prevents the use of passwords that have been compromised in data breaches.
- Enhances overall security by avoiding known weak passwords.
Maintains Password Privacy
- Only a partial hash of the password is sent to the API.
- Ensures that the actual password is never exposed to third parties.
- Protects user privacy and sensitive information.
Upgrades Password Hashing Algorithm
- Uses secure one-way hashing algorithms like Bcrypt or Argon2.
- Improves the security of stored passwords in the database.
- Reduces the risk of password cracking through enhanced hashing techniques.