How To: Set up simple password complexity requirements

Kenneth Transier edited this page Jul 14, 2018 · 8 revisions

Best solution would be so use a 3rd party library like strong_password that tries to comply with NIST requirements:

June 2016:

Here is a simple method of adding a password strength / complexity requirement to devise without using devise security extension (using extension is recommended.)

Example: add the following line to user.rb in app/models directory. Edit Regex to your liking

  validate :password_complexity
  def password_complexity
    # Regexp extracted from
    return if password.blank? || password =~ /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,70}$/

    errors.add :password, 'Complexity requirement not met. Length should be 8-70 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character'

Afterwards, password created by the user, admin must meet the regex requirements.

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.