Password::Policy::Rule::Pwned - Check passwords haven't been pwned
    use Password::Policy;
    use Password::Policy::Rule::Pwned;
    use Try::Tiny;

    my $pass = 'password1';
    my $pp   = Password::Policy->new (config => 'policy.yaml');

    try {
        $pp->process({ password => $pass });
    }
    catch {
        # process() throws if any rule in the policy rejects the password
        warn "This password '$pass' is pwned - don't use it";
        # Other actions
    };
Plug this rule into Password::Policy to validate potential passwords against the list from api.pwnedpasswords.com. It uses the recommended range function to ensure that neither the password nor its full hash is ever transferred over the wire.
The Password::Policy configuration file should set the "pwned" attribute to 1 in any policy where this rule should apply.
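The range lookup described above, as an added sketch that is not this module's own code: only the first five hex characters of the SHA-1 hash would be sent, and the remaining 35 are compared locally against the returned "SUFFIX:COUNT" lines. The function names split_hash and pwned_count are hypothetical, and the response body is constructed inline so that no network request is made.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Split the SHA-1 of a candidate password into the 5-character prefix that
# is sent to the range endpoint and the 35-character suffix that stays local.
sub split_hash {
    my ($password) = @_;
    my $hex = uc sha1_hex($password);
    return (substr($hex, 0, 5), substr($hex, 5));
}

# Search a range response body ("SUFFIX:COUNT" per line) for our suffix.
# Returns the listed count, or 0 when the suffix is not present.
sub pwned_count {
    my ($suffix, $body) = @_;
    for my $line (split /\r?\n/, $body) {
        my ($candidate, $count) = $line =~ /\A([0-9A-Fa-f]{35}):(\d+)\s*\z/
            or next;    # skip malformed lines
        return $count + 0 if uc $candidate eq $suffix;
    }
    return 0;
}

my ($prefix, $suffix) = split_hash('password1');

# Only this URL would leave the machine (no request is made here).
print "Would request: https://api.pwnedpasswords.com/range/$prefix\n";

# Constructed response body: two made-up suffixes plus the real one, with
# made-up counts, standing in for what the server would return.
my $body = join "\r\n",
    ('0' x 35) . ':3',
    $suffix    . ':1234',
    ('F' x 35) . ':1';

my $count = pwned_count($suffix, $body);
print $count ? "pwned ($count occurrences)\n" : "not found in this range\n";

# A password hashing to a different suffix is not matched by the same body.
my (undef, $other) = split_hash('correct horse battery staple');
print "other: ", pwned_count($other, $body), "\n";
```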
This is alpha quality software. It is not yet production ready.
To understand how to use this as part of a wider password policy enforcement program, see Password::Policy.
https://gitlab.com/openstrike/password-pwned
This module is written and maintained by Pete Houston of Openstrike <cpan@openstrike.co.uk>
Copyright 2018 by Pete Houston. All Rights Reserved.
Permission to use, copy, and distribute is hereby granted, providing that the above copyright notice and this permission appear in all copies and in supporting documentation.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
To install Password::Policy::Rule::Pwned, copy and paste the appropriate command into your terminal.
cpanm

    cpanm Password::Policy::Rule::Pwned

CPAN shell

    perl -MCPAN -e shell
    install Password::Policy::Rule::Pwned