Very near other fields match #13

ghost · 2012-08-16T14:13:48Z

I'm currently implementing this on a site and several users found that they can enter their password without the @ sign. I pass the email in the input fields argument. I'm not sure if this needs a stronger check, for instance a user might use a combination of their name and company for the password. So perhaps any instance of another field found anywhere in the password should reduce the strength, and a match of the password without the @ sign fail?

lowe · 2012-08-17T00:52:32Z

Hi PXLRic,

the second argument to zxcvbn(), user_inputs, can be any list of tokens you like. So you could add all of these yourself to get the behavior you're looking for:

myemail@example.com
myemailexample.com
myemail
example.com

Cheers,
Dan

ghost · 2012-08-17T07:02:39Z

Good point!

On 17/08/2012 01:52, Dan Wheeler wrote:

Hi PXLRic,

the second argument to zxcvbn(), user_inputs, can be any list of
tokens you like. So you could add all of these yourself to get the
behavior you're looking for:

myemail@example.com mailto:myemail@example.com
myemailexample.com
myemail
example.com

Cheers,
Dan

—
Reply to this email directly or view it on GitHub
#13 (comment).

lowe closed this as completed Jan 22, 2013

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Very near other fields match #13

Very near other fields match #13

ghost commented Aug 16, 2012

lowe commented Aug 17, 2012

ghost commented Aug 17, 2012

Very near other fields match #13

Very near other fields match #13

Comments

ghost commented Aug 16, 2012

lowe commented Aug 17, 2012

ghost commented Aug 17, 2012