Q1. What is the problem that you are trying to solve?
Notification on compromised credentials.
Q2 - Who is impacted?
Q3 - Why is it important and/or urgent?
Should be self-explanatory. Notification of potentially compromised passwords is a feature that all major password managers that I am aware of offer.
Q5. Community support
People can vote for this idea to show traction:
- Must have: this is critical for me to have this
- Should have: this is important for me to have this
- Could have: this could be nice to have
- Won’t have: we should not schedule this (explain why)
Thanks for posting your idea. Thanks for using the proper format!
Passbolt already uses the Have I Been Pwned DB for all passwords and the new Passbolt password policies allows an administrator complete control.
What Dark Web Monitoring DB are you suggesting Passbolt add in addition to HaveBeenPwned?
I think the Have I Been Pwned DB integration for the moment checks the password at the creation time, but not during its life, right?
If so, there could be a possibility to keep using a compromised password because Passbolt wouldn’t send you a notification advising about the exfiltration.
I think this is what he is requesting, a way to know if an existing password is compromised or not, rather than the existing one at the creation of a resource