On 11/17/21 9:12 PM, Jarland Donnell via mailop wrote:
> If you can get the passwords that are going around in these database dumps and
> compare them to email accounts in your system, test those passwords against
> their email accounts using automation, and then force a password change if it
> matches,

I have been there, done that and got plenty of passwords changed by the attackers...

But if you really want to go an extra mile, with such a list, what you may do is block your users from re-using their compromised passwords even with small transformations. I am using the Levenshtein algorithm (slightly modified) and allow new passwords only if the distance from any compromised password is "sufficient".

> you are not only going to stop a ton of compromises you're probably
> going to get a raise.

It didn't work...

François
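
The check described in the message above, as an added example that is not the poster's code: it uses the standard Levenshtein distance (the poster's modification is not described), and the threshold `MIN_DISTANCE`, the case-folding step and all function names are assumptions.

```python
"""Reject new passwords that are small edits of known-compromised ones."""

MIN_DISTANCE = 4  # assumed policy threshold; the post only says "sufficient"


def levenshtein(a: str, b: str, cutoff: int) -> int:
    """Standard edit distance, capped: returns `cutoff` once the result must be >= cutoff."""
    if abs(len(a) - len(b)) >= cutoff:
        return cutoff  # length gap alone already needs that many edits
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        if min(cur) >= cutoff:
            return cutoff  # the final distance can never drop below a row minimum
        prev = cur
    return min(prev[-1], cutoff)


def normalize(pw: str) -> str:
    # Assumption: a change of letter case alone should count as zero distance.
    return pw.casefold()


def closest_compromised(candidate, compromised, min_distance=MIN_DISTANCE):
    """Return (password, distance) for the nearest compromised password that is
    closer than min_distance, or None when the candidate is far from all of them."""
    cand = normalize(candidate)
    best = None
    for old in compromised:
        d = levenshtein(cand, normalize(old), min_distance)
        if d < min_distance and (best is None or d < best[1]):
            best = (old, d)
    return best


def is_acceptable(candidate, compromised, min_distance=MIN_DISTANCE):
    return closest_compromised(candidate, compromised, min_distance) is None


# Constructed sample data, not real leaked credentials.
LEAKED_FOR_USER = ["Summer2021!", "correcthorse"]

if __name__ == "__main__":
    for new in ["Summer2022!", "summer2021!!", "CorrectHorse1", "vTq9#rLm2&xa"]:
        hit = closest_compromised(new, LEAKED_FOR_USER)
        print(new, "REJECT (near %r, distance %d)" % hit if hit else "ok")
```

The comparison has to run at password-change time, while the new password is still available in clear text, because edit distance cannot be computed on stored hashes.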