REMOVE exposed data breach check

Could you please consider removing or at least enable on/off globally, by group or by user for the DATA breach, weak password check and notification toast.

We use Passbolt to store of wide range of PINs, Passwords, keys and other strings - MANY, MANY of which do not (nor would we want them) to conform to this restrictive, specific usage of passbolt passwords.

Additionally, at the rate of current data breaches, EVERY combination of 8 characters or less will be registered in PAWND within a few years.

Finally, this is a waste of network and computing resources - looking up every password against the PAWND API every time an entry is added or edited.

Those who understand the weak/breach toast are already fully aware for the need to use appropriately strong password (WHERE POSSIBLE OR APPLICABLE) and those who dont understand the notification often misunderstand the message and contact the technical team worried the password has been been ‘breached’.

We have already written custom code to rip out this check - but its annoying to have to re-apply it after each update.

1 Like

Hi @Cordeos, can’t you simply disable it in administrtion ➤ Password Policy ➤ External services?

1 Like