NotQwerty123.PasswordStrength (NotQwerty123 v2.4.0)

Module to check password strength.

This module does not provide a password strength meter. Instead, it simply rejects passwords that are considered too weak. Depending on the nature of your application, a solid front-end solution to password checking, such as this Dropbox implementation, might be a better idea.

Password strength

In simple terms, password strength depends on how long a password is and how easy it is to guess. In most cases, passwords should be at least 8 characters long, and they should not be similar to common passwords, like 'password' or 'qwerty123', or consist of repeated characters, like 'abcabcabcabc'. Dictionary words, common names and user-specific words (company name, address, etc.) should also be avoided.

Further information

The NIST password guidelines.

The Comeonin wiki also has links to further information about password-related issues.

Summary

Functions

Check the strength of the password.

Functions

strong_password?(password, opts \\ [])

Check the strength of the password.

It returns {:ok, password} or {:error, message}.

The password is checked to make sure that it is not too short, that it does not consist of repeated characters (e.g. 'abcabcabcabc') and that it is not similar to any word in the common password list.

See the documentation for NotQwerty123.WordlistManager for information about customizing the common password list.

Options

There is only one option:

  • :min_length - minimum allowable length of the password
    • default is 8
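
Calling strong_password?/2 from an Ecto changeset validator, as an added example that is not part of the NotQwerty123 documentation. Ecto, the Signup module name, the package version requirements and the :min_length value of 12 are assumptions; the script fetches its dependencies with Mix.install on first run.

```elixir
# Added example, not from the NotQwerty123 docs. Assumes Ecto is available;
# the Signup module name and the :min_length value of 12 are illustrative.
Mix.install([{:not_qwerty123, "~> 2.4"}, {:ecto, "~> 3.0"}])

defmodule Signup do
  import Ecto.Changeset

  @types %{email: :string, password: :string}

  # Schemaless changeset so the example needs no database or schema module.
  def changeset(params) do
    {%{}, @types}
    |> cast(params, Map.keys(@types))
    |> validate_required([:email, :password])
    |> validate_change(:password, &check_strength/2)
  end

  # validate_change/3 expects a list of {field, message} errors; [] means valid.
  defp check_strength(:password, password) do
    case NotQwerty123.PasswordStrength.strong_password?(password, min_length: 12) do
      {:ok, _password} -> []
      {:error, message} -> [password: message]
    end
  end
end

# Constructed sample inputs: the first is one of the weak examples named above.
for password <- ["qwerty123", "thorn-Lantern-77-quarry"] do
  changeset = Signup.changeset(%{"email" => "user@example.com", "password" => password})
  # Report only the outcome, never the candidate password itself.
  IO.inspect({changeset.valid?, Keyword.keys(changeset.errors)})
end
```

The {:error, message} string lands in changeset.errors under :password, so it can be shown to the user like any other validation error.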