What does pwd_leak mean in the Auth0 user login logs

Time: 2016-10-13 14:27:04

Tags: android auth0

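I am using Auth0 for authentication and to obtain tokens for users. I then created a test user using the Auth0 dashboard.

When I try to log in with my Android app, the login succeeds, but in the logs I get a Success Login record followed by a pwd_leak record.

Can someone explain what this pwd_leak means?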

1 answer:

Answer 0: (score: 0)

Auth0 provides built-in tools to detect anomalies and stop malicious attempts to access your application. This is known as anomaly detection.

One of its features is the detection of the usage of credentials that have been leaked publicly. See the Breached Password Detection section for more information, but, very simplified, if a user tries to log in with an email/password combination identical to ones that have been publicly leaked, then Auth0 can be configured to notify or block those attempts.

The pwd_leak indication in the logs will likely mean that the associated credentials were part of a public leak. The ';--have i been pwned? application might be of interest because it's also another place that tracks known password leaks and a good way to check if you might have been compromised.
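
One way to triage the pattern from the question (a Success Login record next to a pwd_leak record) in exported tenant logs, as an added example that is not part of the original answer or Auth0's own code. It assumes log entries carry the `type`, `date`, `user_name` and `ip` fields with the event codes `s` and `pwd_leak`; the sample events and the 60-second window are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data), shaped like Auth0 tenant log
# entries: "type" holds the event code, "s" = Success Login,
# "pwd_leak" = breached password detected.
SAMPLE_LOGS = json.dumps([
    {"date": "2016-10-13T14:20:01.000Z", "type": "s", "user_name": "test@example.com", "ip": "203.0.113.7"},
    {"date": "2016-10-13T14:20:02.000Z", "type": "pwd_leak", "user_name": "test@example.com", "ip": "203.0.113.7"},
    {"date": "2016-10-13T14:25:00.000Z", "type": "s", "user_name": "alice@example.com", "ip": "198.51.100.4"},
    {"date": "2016-10-13T15:00:00.000Z", "type": "pwd_leak", "user_name": "bob@example.com", "ip": "192.0.2.9"},
])

WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def triage(raw_json, window=WINDOW):
    """Return {user: status} for every user with a pwd_leak event.

    "login_succeeded": a Success Login for the same user lies within
        `window` of the pwd_leak event, so the flagged credentials were
        accepted and the account needs a password reset.
    "no_successful_login": only the pwd_leak event was seen in the window.
    """
    by_user = defaultdict(list)
    for event in json.loads(raw_json):
        by_user[event["user_name"]].append((parse_ts(event["date"]), event["type"]))

    findings = {}
    for user, events in by_user.items():
        leaks = [ts for ts, kind in events if kind == "pwd_leak"]
        if not leaks:
            continue  # user never triggered breached password detection
        logins = [ts for ts, kind in events if kind == "s"]
        hit = any(abs(leak - login) <= window for leak in leaks for login in logins)
        findings[user] = "login_succeeded" if hit else "no_successful_login"
    return findings


if __name__ == "__main__":
    for user, status in sorted(triage(SAMPLE_LOGS).items()):
        print(f"{user}: {status}")
```

Accounts reported as `login_succeeded` are the ones to prioritise for a forced password change, since the leaked password was still valid at login time.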