Password security
Problem reported by Tan - 8/20/2025 at 1:15 AM
Submitted
I have a problem which I hope SmarterTools can come out with a solution to fix it.

This is more of a human issue than a software issue.

My customer’s IT admin issued their end-user a secure password, but the end-user decided to change it to an insecure one, which has already been found in 4,034,619 breaches according to https://haveibeenpwned.com/Passwords

Here are my settings, and I am sure that the end-user has creative ways for this

That brings me to the idea of whether SmarterMail could download the entire list of hashed passwords (
and give additional options

[ ] Check and warn end-users for breached password
[ ] Prevent password change if found in breached database


Roger Replied
Hello,

I think it's a good idea, but what will users think when they receive an email saying that their password has been compromised? They'll think it's phishing and ignore it. What other options are there besides email to ensure security?
Tan Replied
I'm not targeting that group of users. My objective is to prevent users who are trying to outsmart the system by changing to a weak password thinking that it can make their life easier by allowing hackers to breach their account
John Quest Replied
My objective is to prevent users who are trying to outsmart the system by changing to a weak password thinking that it can make their life easier by allowing hackers to breach their account

With the settings available, your only real option is to increase the minimum characters to 12 or 15. Even then, a user can still have a weak password, such as Pa$$w0rdPa$$w0rd. 
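
The two options proposed in this thread (warn on a breached password, or refuse the change), sketched as an added example that is not SmarterMail code or part of any post above. It assumes a local copy of the Pwned Passwords list in its `SHA1_HEX:COUNT` line format; the function names, the sample list and its counts are constructed for illustration.

```python
import hashlib

def sample_line(password, count):
    # Build one "SHA1_HEX:COUNT" line, the format of the downloadable list.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return f"{digest}:{count}"

# Constructed stand-in for the real list; the counts are made up.
SAMPLE_LIST = sorted([
    sample_line("password", 1000),
    sample_line("qwerty123", 250),
    sample_line("Summer2024", 12),
])

def load_breach_list(lines):
    """Parse HASH:COUNT lines into a {hash: count} lookup table."""
    table = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        digest, _, count = line.partition(":")
        table[digest.upper()] = int(count)
    return table

def breach_count(password, table):
    """Return how often the password appears in the list (0 if absent)."""
    # SHA-1 is used only because the list is keyed by it, not for storage.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return table.get(digest, 0)

def check_password_change(password, table, min_length=8, warn=True, block=True):
    """Return (allowed, messages); warn/block model the two checkboxes."""
    if len(password) < min_length:
        return False, [f"Password must be at least {min_length} characters."]
    seen = breach_count(password, table)
    if seen and block:
        return False, [f"Password found in {seen} breach records; choose another."]
    if seen and warn:
        return True, [f"Warning: password found in {seen} breach records."]
    return True, []

if __name__ == "__main__":
    table = load_breach_list(SAMPLE_LIST)
    for candidate in ("Summer2024", "qwerty", "vR7#kq-long-unlisted-phrase"):
        print(candidate, check_password_change(candidate, table))
```

The check runs in the password-change dialog itself, so the user sees the result on screen rather than in an email.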
