Ideas for the Mambu Banking Engine

Allow admins to blacklist commonly used passwords

What

In Mambu's password policy settings, allow admins to blacklist passwords that are frequently used.

Why

The recent LinkedIn password leak has shown that passwords like 123456 are used by more than one million of their users. If users were prevented from choosing such weak passwords, password-guessing attacks would be much harder.

Further resources: http://research.microsoft.com/pubs/265143/Microsoft_Password_Guidance.pdf

How

Let Mambu maintain a list of the top 100, 1,000 or more most commonly used passwords and allow administrators to blacklist these passwords when users set up new passwords.

  • Thomas Bachmann
  • May 28 2016
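A sketch of the check proposed under "How", added here as an illustration and not Mambu's code or API: a ranked list of common passwords, an admin-chosen cutoff (top 100, 1,000, ...), and a lookup at password-set time. The class and function names, the case and Unicode folding, and the sample list (apart from 123456) are assumptions made for this example.

```python
import unicodedata

# Constructed sample, most common first. A deployment would load a maintained
# ranked list (one password per line) instead of this short stand-in.
RANKED_COMMON_PASSWORDS = [
    "123456", "password", "12345678", "qwerty",
    "111111", "abc123", "letmein", "iloveyou",
]


def normalize(candidate: str) -> str:
    """Fold Unicode compatibility forms and case before comparing, so trivial
    variants such as 'PASSWORD' or full-width digits match the list entry."""
    return unicodedata.normalize("NFKC", candidate).casefold()


class CommonPasswordBlacklist:
    """Hypothetical policy object: blocks the first top_n entries of a ranked list."""

    def __init__(self, ranked, top_n):
        if top_n < 0:
            raise ValueError("top_n must be >= 0 (0 disables the check)")
        self.top_n = top_n
        # Build the lookup set once; membership tests are then O(1).
        self._blocked = frozenset(normalize(p) for p in ranked[:top_n])

    def is_blocked(self, candidate: str) -> bool:
        return normalize(candidate) in self._blocked


class PasswordRejected(ValueError):
    """Raised when a new password is refused by policy."""


def check_new_password(candidate: str, blacklist: CommonPasswordBlacklist) -> bool:
    """Call when a user sets a new password, before it is hashed and stored.
    The error names the policy only and never echoes the candidate back."""
    if blacklist.is_blocked(candidate):
        raise PasswordRejected("password is too common; choose a different one")
    return True
```

The check only applies when a new password is set, as the idea describes; existing stored hashes cannot be compared against the list after the fact.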