Better Passwords

Stop the use of bad passwords, including those in the Have I Been Pwned? breached password database

Rating summary: 5
Reviews: 2
Active installations: 200

Main benefits

Minimum 10-character passwords

Checks against breached passwords

Partial hash for privacy

Upgrades hashing algorithm

About this plugin

Categories: Security
Version: 1.8
Last updated: 23-05-2022
WordPress version: 4.0
Tested up to: 6.0.9
PHP version required: 7.0
Languages:

Overview

This WordPress plugin sets a default minimum password length of 10 characters, so that passwords are long enough to deter guessing attempts. It focuses solely on length and imposes no complexity rules, such as requiring digits or special characters. The plugin uses Troy Hunt's Pwned Passwords API to check passwords against a database of breached passwords. Only a partial hash of the password is sent for verification, so the check does not compromise privacy. The plugin also upgrades the algorithm used to store passwords in the database to a secure one-way hash created with Bcrypt or Argon2, giving stored user credentials stronger protection.

Ensures Strong Password Length

  • Sets a default minimum password length of 10 characters.
  • Focuses on length as the primary factor for password strength.
  • Avoids complexity rules, making it user-friendly.

Checks Against Breached Passwords

  • Uses Troy Hunt’s Pwned Passwords API.
  • Prevents the use of passwords that have been compromised in data breaches.
  • Enhances overall security by avoiding known weak passwords.

Maintains Password Privacy

  • Only a partial hash of the password is sent to the API.
  • Ensures that the actual password is never exposed to third parties.
  • Protects user privacy and sensitive information.

Upgrades Password Hashing Algorithm

  • Uses secure one-way hashing algorithms like Bcrypt or Argon2.
  • Improves the security of stored passwords in the database.
  • Reduces the risk of password cracking through enhanced hashing techniques.

Rating and reviews

User sentiment analysis

Users appreciate the plugin for its simplicity, ease of use, and strong password protection features. It enhances website security by employing a standards-based approach that keeps password security up to date. The plugin checks passwords against the haveibeenpwned.com database of compromised passwords and enforces the use of secure hashing algorithms. No explicit drawbacks were mentioned in the reviews.

RayBernard

12 Nov, 2020

I like this plugin because it is simple in its design, easy to use, and strong in its password protection. I highly recommend it. Cybersecurity is a fast moving domain, and this plugin smartly used a standards-based approach that makes it easy to keep your website password security to the latest levels of available protection.

Robert Seyfriedsberger

28 Jul, 2019

I use this plugin on all of my sites – it not only checks if a used password is included in a haveibeenpwned.com leak, but also forces WordPress to use more secure hashing algorithms for saving passwords. Highly recommended!

FAQ

What is the default minimum password length set by this plugin?

Does this plugin enforce any complexity rules for passwords?

How does this plugin check for breached passwords?

Is my password sent to any third party during the breach check?

What hashing algorithms does this plugin use to store passwords?

Why is password length considered more important than complexity?

Can I change the default minimum password length?

Is the partial hash sent to the Pwned Passwords API secure?