check passwords against Pwned Passwords API
Plesk should check user typed passwords against Pwned Passwords API
https://haveibeenpwned.com/API/v2
that way you could further improve systems running Plesk against Brute-Force attacks - and Dictionary attacks
WordFence plugin for WordPress is already offering this, checking WordPress administrator passwords against https://haveibeenpwned.com/API/v2
it shouldn't be too much work to compare Plesk password hash between Plesk and https://haveibeenpwned.com/API/
I would like to use this feature for all services (FTP, E-Mail, Plesk, WordPress, etc.)
It makes a lot of sense to do this, there are no drawbacks
it should be option that users can enable/disable
if you don't need it, you can disable it
leave it enabled, your server will be more secure
PB
shared this idea
Thank you for your input. We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG