{"id":17324004,"url":"https://github.com/strugee/password-requirements-dataset","last_synced_at":"2026-03-02T19:35:51.596Z","repository":{"id":43288790,"uuid":"200273428","full_name":"strugee/password-requirements-dataset","owner":"strugee","description":"Dataset of what websites impose insecure password limits, or crash on strong passwords","archived":false,"fork":false,"pushed_at":"2022-03-09T22:50:45.000Z","size":40,"stargazers_count":2,"open_issues_count":19,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-12T23:39:56.563Z","etag":null,"topics":["database","dataset","hacktoberfest","insecurity","json","json-data","json-schema","password-safety","password-strength","security-dataset"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/strugee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-02T17:28:24.000Z","updated_at":"2024-05-24T02:08:20.000Z","dependencies_parsed_at":"2022-09-01T04:11:33.831Z","dependency_job_id":null,"html_url":"https://github.com/strugee/password-requirements-dataset","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/strugee/password-requirements-dataset","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strugee%2Fpassword-requirements-dataset","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strugee%2Fpassword-requirements-dataset/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strugee%2Fpassword-requirements-dataset/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strugee%2Fpassword-requirements-dataset/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/strugee","download_url":"https://codeload.github.com/strugee/password-requirements-dataset/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strugee%2Fpassword-requirements-dataset/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30016523,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T17:00:27.440Z","status":"ssl_error","status_checked_at":"2026-03-02T17:00:03.402Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["database","dataset","hacktoberfest","insecurity","json","json-data","json-schema","password-safety","password-strength","security-dataset"],"created_at":"2024-10-15T14:09:47.045Z","updated_at":"2026-03-02T19:35:51.551Z","avatar_url":"https://github.com/strugee.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Password requirements dataset\n\n[![Node.js CI](https://github.com/strugee/password-requirements-dataset/actions/workflows/node.js.yml/badge.svg)](https://github.com/strugee/password-requirements-dataset/actions/workflows/node.js.yml)\n\nThis repository contains a database of password limits that different websites impose. The major focus is on limits that are arbitrary, indicate some underlying insecure design, or prevent the usage of strong passwords (e.g. because strong passwords crash the website).\n\n## Goals\n\nThis the overarching, ambitious goal of this project is to improve the state of internet password security by doing two things:\n\n1. Helping users pick the strongest passwords they are allowed to for websites\n2. Enabling public shaming of websites that don't get this right\n\nEventually it would be awesome if this data was used by password managers to generate even stronger passwords, without having to make conservative choices for broad compatibility. But the data included is designed to be flexible and detailed enough to enable all sorts of applications that haven't even been thought of yet.\n\n## Usage\n\nEach entry in the dataset is represented in a JSON file in the `data/` directory. Copyright is waived on this data (see \"License\" below), so you are welcome to do whatever you want with it. That being said, if you build tooling around this dataset - for example, to load it into a SQLite database so it can be efficiently queried, or a hall of shame page for websites with bad password practices - you are _highly_ encouraged to submit either your tool itself or a link to your tool in a Pull Request.\n\nMore information on the format of each entry is forthcoming. In the meantime, you can use the (mostly-complete) JSON Schema in `schema.json` as a reference point.\n\n### `meta.json`\n\n`meta.json` contains meta-information about the dataset. Currently it has only one key, `schema-version`, which will be increased every time the schema is updated in a backwards-incompatible way. It will not be changed if backwards-compatible additions are made.\n\nNote that the addition of new enum values is _**not**_ considered backwards-incompatible. Therefore, you should expect to handle the following:\n\n* Unknown properties\n* Unknown `issue_name` values\n* Unknown issue `type` values\n* Unknown issue `source` values (and therefore, unknown `additional_sources` values)\n\nFor most applications, it would probably be sensible to ignore anything you don't understand.\n\n## Author\n\nAJ Jordan \u003calex@strugee.net\u003e\n\n## License\n\n\u003cp xmlns:dct=\"http://purl.org/dc/terms/\" xmlns:vcard=\"http://www.w3.org/2001/vcard-rdf/3.0#\"\u003e\n  \u003ca rel=\"license\"\n     href=\"http://creativecommons.org/publicdomain/zero/1.0/\"\u003e\n    \u003cimg src=\"http://i.creativecommons.org/p/zero/1.0/88x31.png\" style=\"border-style: none;\" alt=\"CC0\" /\u003e\n  \u003c/a\u003e\n  \u003cbr /\u003e\n  To the extent possible under law,\n  \u003cspan resource=\"[_:publisher]\" rel=\"dct:publisher\"\u003e\n    \u003cspan property=\"dct:title\"\u003eAJ Jordan\u003c/span\u003e\u003c/span\u003e\n  has waived all copyright and related or neighboring rights to\n  \u003cspan property=\"dct:title\"\u003ePassword requirements dataset\u003c/span\u003e.\nThis work is published from:\n\u003cspan property=\"vcard:Country\" datatype=\"dct:ISO3166\"\n      content=\"US\" about=\"[_:publisher]\"\u003e\n  United States\u003c/span\u003e.\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrugee%2Fpassword-requirements-dataset","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstrugee%2Fpassword-requirements-dataset","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrugee%2Fpassword-requirements-dataset/lists"}