Am I doing something wrong?

[rbanno]

When using the demo page for this component I tried using entering password and password123, the latter came back as a "green" password. This is a really common password, how comes the strength isn't lower?

If I do the same thing using: https://lowe.github.io/tryzxcvbn/, then this comes back with a score of 0.

Output from above:

_> password: | password123

guesses_log10: | 2.77525
score: | 0 / 4
function runtime (ms): | 0
guess times:
100 / hour: | 6 hours | (throttled online attack)
10  / second: | 60 seconds | (unthrottled online attack)
10k / second: | less than a second | (offline attack, slow hash, many cores)
10B / second: | less than a second | (offline attack, fast hash, many cores)
warning: | This is a very common password
suggestions: | - Add another word or two. Uncommon words are better._

Is this something that can be configured within the component?

[rbanno]

Apologies, I tried the vue.js component and that worked as I would expect, so I am hopeful this is something that can be configured.

Please see the screen shots below, both testing with password123

Vue.js example

Angular example

[PooSham]

This package uses the npm package zxcvbn3 to calculate the score, not dropbox's original implementation. That npm package isn't maintained anymore (and probably not this one either). I might try to maintain a fork of this project where zxcvbn-ts is used as default (maybe with the possibility to easily inject another score calculator). zxcvbn-ts gives "password123" a score of 0, check it out here: https://zxcvbn-ts.github.io/zxcvbn/demo/

[rbanno]

Thanks – that looks like a great option From: Jean-Philippe ***@***.*** Sent: 07 January 2022 18:59 To: antoantonyk/password-strength-meter ***@***.***> Cc: Bannister, Richard M ***@***.***>; Author ***@***.***> Subject: Re: [antoantonyk/password-strength-meter] Am I doing something wrong? (Issue #51) CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

…

________________________________ This package uses the npm package zxcvbn3 to calculate the score, not dropbox's original implementation. That npm package isn't maintained anymore (and probably not this one either). I might try to maintain a fork of this project where zxcvbn-ts [github.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_zxcvbn-2Dts_zxcvbn&d=DwMCaQ&c=yvNT9Dtunj3a2-D-Zo8LLYm1fwaz5dfbPYDquTCDjtI&r=PFsRYRREGP8GWpQBFx_hscO1rcaV6BTyj67DA6oV3ozio1lPYw-cr-alnA8hGEmW&m=IiEy6utcdrU3nm7fRh7TkfOL4aBQMu8YjwAdLhcnNVk8S1sJJaanSfGu2uL8WMie&s=h46RqPn3pBiLG36t0Dd-_rCnmOrNgn1OkXDL2KI2t1E&e=> is used as default (maybe with the possibility to easily inject another score calculator). zxcvbn-ts gives "password123" a score of 0, check it out here: https://zxcvbn-ts.github.io/zxcvbn/demo/ [zxcvbn-ts.github.io]<https://urldefense.proofpoint.com/v2/url?u=https-3A__zxcvbn-2Dts.github.io_zxcvbn_demo_&d=DwMCaQ&c=yvNT9Dtunj3a2-D-Zo8LLYm1fwaz5dfbPYDquTCDjtI&r=PFsRYRREGP8GWpQBFx_hscO1rcaV6BTyj67DA6oV3ozio1lPYw-cr-alnA8hGEmW&m=IiEy6utcdrU3nm7fRh7TkfOL4aBQMu8YjwAdLhcnNVk8S1sJJaanSfGu2uL8WMie&s=T6o1OI9ctydo6uDUWepRD8yhbcEdhIJia5jWS7pvLwQ&e=> — Reply to this email directly, view it on GitHub [github.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_antoantonyk_password-2Dstrength-2Dmeter_issues_51-23issuecomment-2D1007657235&d=DwMCaQ&c=yvNT9Dtunj3a2-D-Zo8LLYm1fwaz5dfbPYDquTCDjtI&r=PFsRYRREGP8GWpQBFx_hscO1rcaV6BTyj67DA6oV3ozio1lPYw-cr-alnA8hGEmW&m=IiEy6utcdrU3nm7fRh7TkfOL4aBQMu8YjwAdLhcnNVk8S1sJJaanSfGu2uL8WMie&s=zfWj9wy9duFmt7wLQMIaWDneteroUIWgrvOBsyjZEQo&e=>, or unsubscribe [github.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ACYPE7TX7JYTOHIFB7H54CLUU4ZYBANCNFSM5IJ3GQTQ&d=DwMCaQ&c=yvNT9Dtunj3a2-D-Zo8LLYm1fwaz5dfbPYDquTCDjtI&r=PFsRYRREGP8GWpQBFx_hscO1rcaV6BTyj67DA6oV3ozio1lPYw-cr-alnA8hGEmW&m=IiEy6utcdrU3nm7fRh7TkfOL4aBQMu8YjwAdLhcnNVk8S1sJJaanSfGu2uL8WMie&s=MdgDKf3EI5BYcQe3RsTZDRpbtNKyMeejX7qLVVLgYqc&e=>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>

---------------------------------------------------------------------- Go paperless and view your bills 24/7 when you sign up to manage your account online. Go to https://my.southeastwater.co.uk and register today! For details of how we manage your personal information or to exercise any of your rights over it please see www.southeastwater.co.uk/privacy. This e-mail transmission is intended only for the use of the person(s) to whom it was intended to be sent and may be privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient please do not copy or convey this message or any attachment to any other Person but send it back to us and then immediately and permanently delete this message. It shall be understood by the recipient(s) that conclusions, opinions and other information contained in the above e-mail not relating to the official scope of business of South East Water Ltd shall be deemed not to have been given or endorsed by South East Water Ltd. South East Water Limited Registered Office: Rocfort Road, Snodland, Kent, ME6 5AH, UK Place of Registration: England Registration Number: 2679874

[antoantonyk]

Hi all,

I just updated the lib with zxcvbn-ts. Hope this will solve the issue.