troyhunt / password-purgatory Goto Github PK

I don't know where to post it but I've just read this and it's hilarious
https://www.troyhunt.com/sending-spammers-to-password-purgatory-with-microsoft-power-automate-and-cloudflare-workers-kv/

If someone puts the work to replicate that workflow with Gmail, I would love to know about it

Hi there,
It seems to me that there is no way I can fulfill both conditions that lead to the following error messages :

Password must contain repeating characters.
Password must contain only unique characters.

So I'm unable to reach the Ridiculous Infuriation Level, which makes me pretty sad :(

Maybe such "nemesis" rules shouldn't be allowed together, or maybe I'm missing something to satisfy both ?

If the goal is to waste as much time as possible, it would seem that the rules should remain as plausible as possible, while ideally providing as little resolving information as possible.

Have I Been Pwned's password checker (https://haveibeenpwned.com/Passwords) provides a justification for why a password is wrong that is plausible, but which provides little information on what to change to resolve it.

Given the prevalence of password reuse, it (or something like it) would likely result in at least one rejection in the majority of cases.

It would also provide cover for a delay for "checking if password has been found in data breaches", which could increase with time, and a link to haveibeenpwned showing the password reuse.

Thanks for merging my PR (#4) so quickly! Unfortunately the website is now broken for me at least, because only the HTML was updated, not the JS.

I made some changes to the JS which are not currently reflected on the web when I open https://passwordpurgatory.com/make-hell.js
When I add some bogus URL attributes (?t=123) it shows the un-minified JS with the changes. I tried with Firefox, Chrome and curl.

How often is this file regenerated?