Add password entropy requirements #2727
Comments
The most common library for this is zxcvbn by Dropbox, and there's an official JS port for it as well. Looking around, there's an alternative implementation named zxcvbn-ts and that might also be worth taking a look. zxcvbn-ts seems to have the languages separate, it's 9 kB minzipped for the core library, and 225.9 kB + 551.9 kB for the common + English language set
Also, this comment details some key changes between zxcvbn and zxcvbn-ts. And this is the demo page.
There's a simpler check if we skip dictionaries and assume that the user only makes use of the 93 characters that are on their keyboard,
Sorry for going a little off-topic: the serious data leakage incident at Spoutible which has been detailed today is a good reminder of how important it is to encourage users to create strong passwords when they sign up: Troy Hunt: How Spoutible’s Leaky API Spurted out a Deluge of Personal Data
The account creation flow needs to measure the entropy in a password and disallow overly simple passwords.
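
The simpler check mentioned in the comments (skip dictionaries, assume a 93-character pool), applied to the signup requirement above, as an added JavaScript example that is not code from this project or from zxcvbn. `MIN_BITS`, the function names and the run-collapsing step are assumptions made here; the sample passwords are constructed.

```javascript
// Pool-size entropy estimate for a signup form (added example).
const POOL_SIZE = 93; // figure taken from the comment in this thread
const MIN_BITS = 60;  // assumed policy threshold, tune to your own policy

// Count characters that add information. A character equal to the previous
// one, or adjacent to it in code point order ("aaa", "1234", "cba"), adds
// none. This run-collapsing step is an added heuristic, not from the thread.
function effectiveLength(password) {
  // Iterate by code point so an emoji counts once, not as two UTF-16 units.
  const cps = Array.from(password, (ch) => ch.codePointAt(0));
  let n = 0;
  for (let i = 0; i < cps.length; i++) {
    if (i === 0 || Math.abs(cps[i] - cps[i - 1]) > 1) n++;
  }
  return n;
}

// Upper bound on entropy: assumes every counted character was chosen
// uniformly at random from POOL_SIZE symbols.
function estimateBits(password) {
  return effectiveLength(password) * Math.log2(POOL_SIZE);
}

function checkPassword(password) {
  const bits = estimateBits(password);
  return { bits: Math.round(bits * 10) / 10, ok: bits >= MIN_BITS };
}

const samples = [
  "aaaaaaaaaaaa", // rejected: one effective character
  "abcd12345678", // rejected: two effective characters
  "q7#Lw2!xZp9v", // accepted: 12 effective characters
  "letmein2024!", // accepted too: the estimate cannot see dictionary words,
                  // which is the gap dictionary matching (zxcvbn) closes
];
for (const pw of samples) {
  console.log(pw, checkPassword(pw));
}
```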