Compatible XF 2.x versions
Password Tools
Description
Source
This modification mostly follows the principles of Dan Wheeler's password strength estimator zxcvbn. It does not weigh password strength by their combination of upper/lower letters, special characters, and numbers, but on how easy they are to crack in reality.
To increase the safety of your user's accounts, you can force them to use passwords of a minimum length, and minimum strength and even force them to exclude certain words from their passwords (like your site name, the topic your site refers to, etc.).
But the other side of the equation is no matter how secure the password is if it has been compromised no password strength estimator will help make it better. As such NIST has the following guidance: check passwords against those obtained from previous data breaches. Pwned Password integration does that.
Features
- 2.2
Password Tools
Description
Source
This modification mostly follows the principles of Dan Wheeler's password strength estimator zxcvbn. It does not weigh password strength by their combination of upper/lower letters, special characters, and numbers, but on how easy they are to crack in reality.
To increase the safety of your user's accounts, you can force them to use passwords of a minimum length, and minimum strength and even force them to exclude certain words from their passwords (like your site name, the topic your site refers to, etc.).
But the other side of the equation is no matter how secure the password is if it has been compromised no password strength estimator will help make it better. As such NIST has the following guidance: check passwords against those obtained from previous data breaches. Pwned Password integration does that.
Features
- Show password feature, allow users to toggle to see what they have entered.
- Show users how strong their passwords are when it comes to crack-attempts
- Deliver instant feedback if the password and password-confirm match and/or certain requirements are not met
- Force users to choose passwords with a minimum strength
- Force users to choose passwords with a minimum length
- Force users to choose a password not containing words from a blacklist you define
- No cheating: This modification also controls users' passwords on the server side with Ben Jeavos PHP implementation of zxcvbn.
- Easy styling through XenForo Style Properties