NAME

Password::Policy::Rule::Pwned - Check passwords haven't been pwned

SYNOPSIS

	use Password::Policy;
	use Password::Policy::Rule::Pwned;
	use Try::Tiny;

	my $pass = 'password1';

	my $pp = Password::Policy->new (config => 'policy.yaml');
	try {
		$pp->process({ password => $pass });
	} catch {
		# process() throws when the password fails the policy
		warn "This password '$pass' is pwned - don't use it";
		# Other actions
	};	# Try::Tiny needs this trailing semicolon

DESCRIPTION

Plug this rule into Password::Policy to validate potential passwords against the list from api.pwnedpasswords.com. It uses the recommended range function to ensure that neither the password nor its full hash is ever transferred over the wire.

The Password::Policy configuration file should set the "pwned" attribute to 1 in any policy where this rule should apply.
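
The range lookup described above, sketched as an added example (not this module's own code). The sub names split_hash and pwned_count are hypothetical, and the response body is constructed inline rather than fetched, so the script runs offline. It assumes the Pwned Passwords range format: a 5-character SHA-1 prefix goes out and "SUFFIX:COUNT" lines come back.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);
use Encode qw(encode_utf8);

# Split the SHA-1 of a candidate password into the 5-character prefix that
# is sent to the range endpoint and the 35-character suffix that stays local.
# Assumes $password is a decoded character string; it is hashed as UTF-8.
sub split_hash {
    my ($password) = @_;
    my $hex = uc sha1_hex(encode_utf8($password));
    return (substr($hex, 0, 5), substr($hex, 5));
}

# Search a range response body for our suffix. Each line is "SUFFIX:COUNT".
# Returns the count, or 0 when the suffix is absent. Malformed lines are
# skipped rather than trusted.
sub pwned_count {
    my ($suffix, $body) = @_;
    for my $line (split /\r?\n/, $body) {
        my ($candidate, $count) = $line =~ /^([0-9A-F]{35}):(\d+)$/i or next;
        return $count if uc $candidate eq $suffix;
    }
    return 0;
}

my $pass = 'password1';
my ($prefix, $suffix) = split_hash($pass);

# Constructed body standing in for the reply to GET /range/$prefix. The
# counts and the two decoy suffixes are made up for this example.
my $body = join "\r\n",
    ('0' x 35) . ':3',
    "$suffix:42",
    'not a valid line',
    ('F' x 35) . ':1';

printf "sent to API: %s\n", $prefix;
printf "kept local:  %s\n", $suffix;
printf "times seen:  %d\n", pwned_count($suffix, $body);

# A different candidate whose suffix is not in the body is reported as 0.
my (undef, $other) = split_hash('constructed example passphrase');
printf "other entry: %d\n", pwned_count($other, $body);
```

The comparison against the returned suffixes happens locally, so the service only ever learns the 5-character prefix.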

STATUS

This is alpha quality software. It is not yet production ready.

SEE ALSO

To understand how to use this as part of a wider password policy enforcement program, see Password::Policy.

REPOSITORY

https://gitlab.com/openstrike/password-pwned

MAINTAINER

This module is written and maintained by Pete Houston of Openstrike <cpan@openstrike.co.uk>

COPYRIGHT INFORMATION

Copyright 2018 by Pete Houston. All Rights Reserved.

Permission to use, copy, and distribute is hereby granted, providing that the above copyright notice and this permission appear in all copies and in supporting documentation.

LICENCE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.