Tell HN: GitHub will reset passwords June 24, 2020
When I logged into an old github account I recieved this message:
The password you provided is weak and can be easily guessed. To increase your security, you must update your password. After June 24, 2020 we will automatically reset your password.
-----
It's only for insecure passwords I guess but hopefully if someone needs to see this they will
6 comments
[ 3.0 ms ] story [ 14.3 ms ] threadFor me, I logged in a few days after my deadline and instead of showing me the warning it just forced me to reset my password. I'm assuming they're doing it on a rolling basis of some sort.
[1] https://en.wikipedia.org/wiki/Rainbow_table
Another approach is to use things like https://haveibeenpwned.com/ to detect users whose credentials are compromised and alert them.
Another more involved approach is to actually try to find collisions with user passwords (using either common wordlists, generated wordlists, or straight brute force) and then notifying users if they find a hit.