Averruncus is a library for validating that a password meets a high standard of security. It is implemented in Scala, though the approach should be transferable to many other languages.
Rick Redman's talk "Your Password Complexity Requirements are Worthless" at AppSecUSA 2014 was the catalyst for building this project.
TODO
- Optionally accept a username/email address and check that variations of it are not contained in the password
- Regexes preventing the most common topologies of passwords, i.e. 'Broncos1!' style (see video/linked articles)
- Min topology change between old/new passwords
- Allow loading lists of the most widely used passwords on the internet so that they can be explicitly blacklisted
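
A sketch of the two topology items above, added here as an illustration and not taken from Averruncus itself. It reduces a password to its character-class topology with a per-character mapping (rather than regexes) and measures topology change as edit distance; the object, function names, `minChange` parameter and the sample topology list are all assumptions.

```scala
// Added illustration, not Averruncus code; every name below is hypothetical.
object TopologySketch {
  // Character classes: u = upper, l = lower, d = digit, s = anything else.
  def topology(password: String): String = password.map { c =>
    if (c.isUpper) 'u' else if (c.isLower) 'l' else if (c.isDigit) 'd' else 's'
  }

  // Constructed sample list; a real deployment would load measured topologies.
  val commonTopologies: Set[String] = Set("ullllllds", "ulllllldd", "llllllldd")

  def hasCommonTopology(password: String): Boolean =
    commonTopologies.contains(topology(password))

  // Levenshtein distance, computed one row at a time.
  def editDistance(a: String, b: String): Int = {
    val firstRow = (0 to b.length).toVector
    a.foldLeft(firstRow) { (prev, ca) =>
      b.zipWithIndex.scanLeft(prev.head + 1) { case (left, (cb, j)) =>
        val substitution = prev(j) + (if (ca == cb) 0 else 1)
        math.min(math.min(left + 1, prev(j + 1) + 1), substitution)
      }.toVector
    }.last
  }

  // True when the new password's topology differs enough from the old one.
  def topologyChangedEnough(oldPw: String, newPw: String, minChange: Int): Boolean =
    editDistance(topology(oldPw), topology(newPw)) >= minChange

  def main(args: Array[String]): Unit = {
    // Constructed sample passwords.
    println(topology("Broncos1!"))
    println(hasCommonTopology("Broncos1!"))
    println(topologyChangedEnough("Broncos1!", "Packers2?", minChange = 2))
    println(topologyChangedEnough("Broncos1!", "7 purple-Otters", minChange = 2))
  }
}
```

Swapping one team name, digit and symbol for another leaves the topology unchanged, which is the case a minimum topology change rule is meant to reject.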