I’m looking to see both what is out there and what people use and recommend or don’t.
I’ve looked at the following
[https://wordpress.org/documentation/article/password-best-practices/](https://wordpress.org/documentation/article/password-best-practices/) and I am wondering what WordPress plugins are used to help with these principles.
And I see that SolidWP (formerly iThemes Security) and Wordfence both have a check box? Is that any good?
It looks like miniOrange Password Policy Manager looks comprehensive, anyone used it?
Are you doing any of these things, or others?
avoiding common substitutions
avoiding passwords in data dumps (Have I Been Pwned stuff)
avoiding short passwords
avoiding previously used passwords
avoiding users appending digits
avoiding dictionary words
avoiding repetitive or sequential characters
avoiding context specific words
forcing password changes periodically
running any password auditing tools
Are you doing anything else…?
Also, how about password managers? I am using KeePass as I like the fact it's not in the cloud, and I have used Bitwarden too for personal stuff. What are you using or recommending and why?
My guess is this will move into MFA / WAF / logging and blocking and salt shaker territory which is cool, but was trying to hone in on the password policy side of things, but feel free to go wild and off track!
Have I missed any worth thinking about, the more tin foil hat the better?
Feel free to share any links to any adjacent reading material.
So what are you using or what is interesting to you?
Have used Wordfence for some time and even its default defenses are robust. I only recently strengthened some of those settings.
Bitwarden seems one of the best PW Managers out there with as many features as I’d need. And enough high end security that it would be difficult to be compromised if it’s used as designed.