Details
- New Feature
- Resolution: Unresolved
- Minor
- COmanage Registry 3.1.0 (Hidden Gem)
- None
Description
Should be compliant with NIST 800-63B §5.1.1.2, i.e.:
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include, but is not limited to:
- Passwords obtained from previous breach corpuses.
- Dictionary words.
- Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
- Context-specific words, such as the name of the service, the username, and derivatives thereof.
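One way to implement the comparison the quoted requirement describes, as an added example that is not COmanage Registry code. The names `check_secret` and `_has_run`, the sample lists, the minimum run length of 4 and the default service name are assumptions made for illustration.

```python
import re

# Constructed sample lists; a real deployment would load a breach corpus
# and a dictionary from files or a lookup service.
BREACHED = {"password1", "qwerty123", "letmein2017"}
DICTIONARY = {"sunshine", "dragon", "registry"}

def _has_run(pw, min_len=4):
    """True if pw contains min_len repeated or sequential characters."""
    run_same = run_up = run_down = 1
    for prev, cur in zip(pw, pw[1:]):
        d = ord(cur) - ord(prev)
        run_same = run_same + 1 if d == 0 else 1
        run_up = run_up + 1 if d == 1 else 1
        run_down = run_down + 1 if d == -1 else 1
        if max(run_same, run_up, run_down) >= min_len:
            return True
    return False

def check_secret(candidate, username, service="comanage"):
    """Return the blocklist categories the prospective secret falls into.

    An empty list means the secret passed every check.
    """
    pw = candidate.lower()
    reasons = []
    if pw in BREACHED:
        reasons.append("breach-corpus")
    if pw in DICTIONARY:
        reasons.append("dictionary")
    if _has_run(pw):
        reasons.append("repetitive-or-sequential")
    # Context words: service name, username, and the local part of an
    # e-mail style username (assumed identifier format).
    user = username.lower()
    context = {service.lower(), user, user.split("@")[0]}
    # Also compare with non-letters removed so spaced-out derivatives
    # such as "a.l.i.c.e" still match.
    stripped = re.sub(r"[^a-z]", "", pw)
    # Ignore context words shorter than 3 characters to avoid matching
    # nearly every secret.
    if any(len(w) >= 3 and (w in pw or w == stripped) for w in context):
        reasons.append("context-specific")
    return reasons
```

A verifier would reject the secret whenever the returned list is non-empty and can use the categories to tell the user why.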