Should you block compromised passwords?
In today’s cyber world, passwords are the main safeguard for user accounts. Yet users reuse the same password across many sites, so if one of those sites is compromised, the breach cascades into account takeovers on the others.
One way to avert this is by blocking compromised or ‘pwned’ passwords through services such as Pwned Passwords. Laravel’s password validation rule, uncompromised(), assists with this.
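To show what such a rule checks behind the scenes, here is an added example (not Laravel’s or Pwned Passwords’ own code) of the k-anonymity lookup: only the first five hex characters of the password’s SHA-1 digest are sent to the range endpoint, and the returned suffix list is compared locally. The API response below is constructed sample data; in Laravel itself you would write `Password::min(12)->uncompromised()`, optionally passing a breach-count threshold.

```php
<?php
// Added example, not Laravel's own code. It mirrors the k-anonymity lookup
// behind Pwned Passwords: hash the password with SHA-1, send only the first
// five hex characters of the digest, and match the remaining 35 locally.

/** Split the uppercase SHA-1 digest into the 5-char prefix (sent) and 35-char suffix (kept). */
function splitHash(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/** Parse a "SUFFIX:COUNT" range response and return the breach count for $suffix (0 if absent). */
function breachCount(string $rangeResponse, string $suffix): int
{
    foreach (preg_split('/\r?\n/', trim($rangeResponse)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2) {
            continue; // skip malformed lines rather than treating them as a match
        }
        if ($parts[0] === $suffix) {
            return (int) $parts[1]; // padded responses also contain count 0 entries
        }
    }
    return 0;
}

/** Reject once the password has been seen more than $threshold times (0 = any hit rejects). */
function isCompromised(string $password, string $rangeResponse, int $threshold = 0): bool
{
    [, $suffix] = splitHash($password);
    return breachCount($rangeResponse, $suffix) > $threshold;
}

// --- constructed demonstration data, not a real API response ---
$candidate = 'Summer2024!';
[$prefix, $suffix] = splitHash($candidate);
$sampleResponse = "0123456789ABCDEF0123456789ABCDEF012:3\r\n"
    . "{$suffix}:42\r\n"
    . "FEDCBA9876543210FEDCBA9876543210FED:0\r\n";

echo "Only the prefix {$prefix} would leave the server\n";
echo isCompromised($candidate, $sampleResponse) ? "rejected: seen 42 times\n" : "accepted\n";
echo isCompromised($candidate, $sampleResponse, 50) ? "rejected\n" : "accepted under threshold 50\n";
echo isCompromised('unrelated-passphrase', $sampleResponse) ? "rejected\n" : "accepted: suffix not in range\n";
```

Because the full hash never leaves your server, the lookup reveals nothing usable about the password to the service, which is what makes it safe to run at registration and password-change time.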
However, it is important to go beyond merely implementing the rule: teach users how to secure their passwords, provide resources, add further authentication measures, and consider SMS multi-factor authentication for non-tech-savvy users.