NotQwerty123 v2.1.0 NotQwerty123.PasswordStrength

Module to check password strength.

This module does not provide a password strength meter. Instead, it simply rejects passwords that are considered too weak. Depending on the nature of your application, a solid front-end solution to password checking, such as this Dropbox implementation, might be a better idea.

Password strength

In simple terms, password strength depends on how long a password is and how easy it is to guess it. In most cases, passwords should be at least 8 characters long, and they should not be similar to common passwords, like password or qwerty123, or consist of repeated characters, like abcabcabcabc. Dictionary words, common names and user-specific words (company name, address, etc.) should also be avoided.

It is important to note that these guidelines, especially those regarding password length, apply to online attacks, where the number of password attempts is limited. With offline attacks, in the case of a database leak for example, it will be far easier for an attacker to find the password, and you might want to protect against that by adopting more stringent password guidelines.

Further information

Visit the Comeonin wiki for links to further information about password-related issues.

Summary

Functions

Check the strength of the password

Functions

strong_password?(password, opts \\ [])

Check the strength of the password.

It returns {:ok, password} or {:error, message}.

The password is checked to make sure that it is not too short and that it is not similar to any word in the common password list. See the documentation for NotQwerty123.WordlistManager for information about customizing the common password list.

Options

There is one option:

  • min_length - minimum allowable length of the password

    • default is 8
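The following is an added example, not code from the NotQwerty123 project. It wraps strong_password?/2 with a stricter min_length and a check for the user-specific words that the guidelines above say to avoid, since the function itself only checks length and the common password list. The module name MyApp.PasswordPolicy, the helper reject_user_words/2, the 12-character minimum and the error text are assumptions; it expects notqwerty123 to be a dependency of the project.

```elixir
defmodule MyApp.PasswordPolicy do
  # Hypothetical wrapper module. Only strong_password?/2 and its
  # :min_length option come from NotQwerty123.
  alias NotQwerty123.PasswordStrength

  @doc """
  Validates `password` for a user described by `user_words`
  (for example the username and company name).

  Returns {:ok, password} or {:error, message}, the same shape
  that strong_password?/2 returns.
  """
  def validate(password, user_words, opts \\ []) do
    # Assumption: the application picks a stricter minimum than the
    # library default of 8, e.g. because offline attacks are a concern.
    min_length = Keyword.get(opts, :min_length, 12)

    with :ok <- reject_user_words(password, user_words),
         {:ok, password} <-
           PasswordStrength.strong_password?(password, min_length: min_length) do
      {:ok, password}
    end
  end

  # Case-insensitive substring check for user-specific words.
  # Words shorter than 3 characters are skipped so that initials or
  # empty fields do not reject every password.
  defp reject_user_words(password, user_words) do
    downcased = String.downcase(password)

    found? =
      user_words
      |> Enum.map(&String.downcase/1)
      |> Enum.reject(&(String.length(&1) < 3))
      |> Enum.any?(&String.contains?(downcased, &1))

    if found? do
      {:error, "The password should not contain your name or company name."}
    else
      :ok
    end
  end
end
```

With the constructed input `MyApp.PasswordPolicy.validate("acme-corp-2024!", ["jsmith", "Acme"])`, the user-word check returns the {:error, message} tuple before the library is called; passwords that pass it are then checked by strong_password?/2 with min_length set to 12.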