Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/strugee/password-requirements-dataset

Dataset of what websites impose insecure password limits, or crash on strong passwords
https://github.com/strugee/password-requirements-dataset

database dataset hacktoberfest insecurity json json-data json-schema password-safety password-strength security-dataset

Last synced: 22 days ago
JSON representation

Dataset of what websites impose insecure password limits, or crash on strong passwords

Awesome Lists containing this project

README

        

# Password requirements dataset

[![Node.js CI](https://github.com/strugee/password-requirements-dataset/actions/workflows/node.js.yml/badge.svg)](https://github.com/strugee/password-requirements-dataset/actions/workflows/node.js.yml)

This repository contains a database of password limits that different websites impose. The major focus is on limits that are arbitrary, indicate some underlying insecure design, or prevent the usage of strong passwords (e.g. because strong passwords crash the website).

## Goals

This the overarching, ambitious goal of this project is to improve the state of internet password security by doing two things:

1. Helping users pick the strongest passwords they are allowed to for websites
2. Enabling public shaming of websites that don't get this right

Eventually it would be awesome if this data was used by password managers to generate even stronger passwords, without having to make conservative choices for broad compatibility. But the data included is designed to be flexible and detailed enough to enable all sorts of applications that haven't even been thought of yet.

## Usage

Each entry in the dataset is represented in a JSON file in the `data/` directory. Copyright is waived on this data (see "License" below), so you are welcome to do whatever you want with it. That being said, if you build tooling around this dataset - for example, to load it into a SQLite database so it can be efficiently queried, or a hall of shame page for websites with bad password practices - you are _highly_ encouraged to submit either your tool itself or a link to your tool in a Pull Request.

More information on the format of each entry is forthcoming. In the meantime, you can use the (mostly-complete) JSON Schema in `schema.json` as a reference point.

### `meta.json`

`meta.json` contains meta-information about the dataset. Currently it has only one key, `schema-version`, which will be increased every time the schema is updated in a backwards-incompatible way. It will not be changed if backwards-compatible additions are made.

Note that the addition of new enum values is _**not**_ considered backwards-incompatible. Therefore, you should expect to handle the following:

* Unknown properties
* Unknown `issue_name` values
* Unknown issue `type` values
* Unknown issue `source` values (and therefore, unknown `additional_sources` values)

For most applications, it would probably be sensible to ignore anything you don't understand.

## Author

AJ Jordan

## License



CC0



To the extent possible under law,

AJ Jordan

has waived all copyright and related or neighboring rights to
Password requirements dataset.
This work is published from:

United States
.