Okta Classic Engine | Administration | Answered | 2024-03-25 | 2019-04-12 | 2021-05-24
  • Mihai N. (Okta, Inc.)

    Hi Bolton,

    Thank you for reaching out to the Okta Community.

    The feature indicates whether to check passwords against a common password dictionary.

    We've compiled a list of over 10M passwords from a variety of sources (breached, sprayed, etc.) and narrowed it to the most common ones (around 2000).

    Please note that we continuously monitor the security landscape in the industry, update the list (we currently do not have a schedule for updating this list, but will update it ad hoc as more data becomes available) and it will not be made public.

    Regards,

    Mihai Negoita

    Okta Global Customer Care.

    Selected as Best
  • Wils (Okta, Inc.)

    Since the feature was GA'd in the summer of 2019, we have updated the list to include the top 100,000 most common passwords. As Mihai said previously, we continue to update the list over time.

  • ngyid (ngyid)

    Why doesn't Okta also disallow specific pairs that have been found?

    • Mihai N. (Okta, Inc.)

      It could have something to do with the dictionary/data set currently used. This is subject to change/updates. That being said, please open a support ticket if you would like us to perhaps go in depth, and perhaps involve the Product team for more details.

  • uq9ep (uq9ep)

    Where can I find more up to date info about the dictionary you're using? Wondering things like the size of the dict. Is it sharing the haveibeenpwned dictionary? https://haveibeenpwned.com/Passwords

  • Mihai N. (Okta, Inc.)

    @uq9ep (uq9ep) I do apologize for the late reply. I'm no longer active on the support site.

    To answer your questions:

    As of now, Okta will NOT share that data. We can share our process, but sharing which passwords we detect allows attackers to know which passwords to skip. Additionally, we reserve the right to change that list at any time.

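The k-anonymity lookup that uq9ep's haveibeenpwned link refers to, as an added example that is not part of this thread and not Okta's implementation: the dictionary, its counts and the range response are all constructed inline so the check runs offline, and the client reveals only the first five hex characters of the password's SHA-1, so the server never learns the password and the client never receives the whole list.

```python
import hashlib

# Constructed sample dictionary with made-up occurrence counts, standing in
# for a common-password list (Okta's real list is not public).
COMMON_PASSWORDS = {"password": 3, "123456": 5, "qwerty": 2, "letmein": 1}


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_ranges(dictionary: dict) -> dict:
    """Index the dictionary by the first 5 hex chars of each SHA-1 (the k-anonymity bucket).
    Result: prefix -> {suffix: count}. The server only ever discloses one bucket."""
    ranges: dict = {}
    for password, count in dictionary.items():
        digest = sha1_hex(password)
        ranges.setdefault(digest[:5], {})[digest[5:]] = count
    return ranges


def range_response(ranges: dict, prefix: str) -> str:
    """Server side: return the bucket for a 5-char prefix as 'SUFFIX:COUNT' lines,
    the same shape as GET https://api.pwnedpasswords.com/range/<prefix>.
    Empty string when nothing in the dictionary shares the prefix."""
    bucket = ranges.get(prefix.upper(), {})
    return "\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def is_common_password(password: str, ranges: dict) -> int:
    """Client side: send only the 5-char prefix, compare the 35-char suffix locally.
    Returns the dictionary count if the password is listed, else 0.
    Neither the password nor its full hash leaves the client."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_response(ranges, prefix).splitlines():
        candidate, count = line.split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


RANGES = build_ranges(COMMON_PASSWORDS)

if __name__ == "__main__":
    for candidate in ["password", "correct horse battery staple"]:
        hits = is_common_password(candidate, RANGES)
        print(f"{candidate!r}: {'rejected' if hits else 'accepted'} ({hits} hits)")
```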
This question is closed.
What classifies as a common password?