Cache for pwned passwords


1 vote


Hi!

When you open the Entry security analyzer report with the Show compromised password (pwned) option, the list takes a long time to load because DVLS seems to query api.pwnedpasswords.com for each password sequentially. It's the same in RDM with the Password analyzer.

I think this could be optimized.

  • API calls could be parallelized, if they are not already.
  • Hashes could be cached for some time, so you wouldn't need to wait for the whole list to load every time you change the filter or switch pages.
  • The query could run in the background and populate the pwned-status field of each entry as they come in, instead of the whole GUI becoming unusable for a long time.
  • You can even download all password hashes and query them offline: https://haveibeenpwned.com/api/v3#PwnedPasswordsDownload


Thank you!
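An added sketch of the caching and parallel lookup suggested in the post above, written in Python for illustration; it is not code from the post or from Devolutions. `PwnedRangeCache`, `make_offline_fetch` and the sample passwords are hypothetical names and constructed data, and it assumes the k-anonymity range endpoint on api.pwnedpasswords.com. The cache holds only hash suffixes returned by the API, never the vault's passwords.

```python
import hashlib
import time
import urllib.request
from concurrent.futures import ThreadPoolExecutor

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def fetch_range_http(prefix):
    # Live lookup: only the first 5 hex chars of the SHA-1 leave the machine.
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("ascii")

def make_offline_fetch(pwned_counts, calls):
    # Constructed stand-in for the API, answering from a local {password: count} dict.
    def fetch(prefix):
        calls.append(prefix)
        hashes = {sha1_hex(p): n for p, n in pwned_counts.items()}
        return "\r\n".join(f"{h[5:]}:{n}" for h, n in hashes.items() if h.startswith(prefix))
    return fetch

class PwnedRangeCache:
    """Caches parsed range responses per 5-char prefix for `ttl` seconds."""

    def __init__(self, fetch_range=fetch_range_http, ttl=3600.0, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch_range, ttl, clock
        self._ranges = {}  # prefix -> (expires_at, {suffix: count})

    def _suffixes(self, prefix):
        entry = self._ranges.get(prefix)
        if entry and entry[0] > self._clock():
            return entry[1]  # still fresh: no network round trip
        table = {}
        for line in self._fetch(prefix).splitlines():
            suffix, _, count = line.strip().partition(":")
            if suffix and count.isdigit():
                table[suffix.upper()] = int(count)
        self._ranges[prefix] = (self._clock() + self._ttl, table)
        return table

    def pwned_count(self, password):
        digest = sha1_hex(password)
        return self._suffixes(digest[:5]).get(digest[5:], 0)

    def check_many(self, passwords, workers=8):
        # Deduplicate, then resolve cache misses in parallel instead of sequentially.
        unique = list(dict.fromkeys(passwords))
        with ThreadPoolExecutor(max_workers=workers) as pool:
            return dict(zip(unique, pool.map(self.pwned_count, unique)))
```

Two threads that miss on the same prefix at the same moment may each fetch it once; the result is still correct, and later lookups within the TTL are served from memory.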

All Comments (3)


Hello,

Thank you for your request. I am creating a ticket, and we will investigate that during our next development cycle. We will post back here once we have an update.

Best regards,

François Dubois


Thank you!


Hello!

I have another request for the entry security analyzer: Can you add a filter to include only entries in a specific folder and subfolders? The activity log report has that for example.

Also, I noticed filtering by the "Compromised (pwned)" password strength doesn't work. When this is selected, I get no entries at all. Only the "Show compromised password (pwned)" checkbox works.

Thank you!
