2017 © Pedro Peláez
 

silverstripe-vendormodule silverstripe-zxcvbn

Realistic SilverStripe password strength validator based on Zxcvbn PHP

image

dhensby/silverstripe-zxcvbn

Realistic SilverStripe password strength validator based on Zxcvbn PHP

  • Monday, July 16, 2018
  • by dhensby
  • Repository
  • 1 Watchers
  • 0 Stars
  • 1 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 5 Versions
  • 0 % Grown

The README.md

zxcvbn Password Validator

This is a drop-in replacement for the core SilverStripe\Security\PasswordValidator class. This module implements bjeavons/zxcvbn-php which provides a more realistic measure of password strength (or, rather, vulnerability)., (*1)

Installation

Install with composer:, (*2)

composer require dhensby/silverstripe-zxcvbn

Usage

This module automatically registers its validator against Injector meaning any existing instantiations of SilverStripe\Security\PasswordValidator (using the Injector factory) will automatically be replaced with this validator., (*3)

Most new SilverStripe applications come with a PasswordValidator already registered, if that's the case you'll likely need to make this change:, (*4)

In your _config.php:, (*5)

use SilverStripe\Security\PasswordValidator;
use SilverStripe\Security\Member;

-$validator = new PasswordValidator();
+$validator = PasswordValidator::create();
+$validator->setMinTestScore(3);
$validator->setMinLength(8);
$validator->setHistoricCount(6);
Member::set_password_validator($validator);

The existing rules for minimum length and historical password count still exist and will work as expected but note that a password with a short length will do well to reach a score of 3 and a short password of score 3 is going to be better than a longer password of score 2., (*6)

If you don't have any existing configuration you can set the validator up with the help of Injector and no PHP code is needed (SS 4.2+):, (*7)

SilverStripe\Security\PasswordValidator:
  min_test_score: 3

Or:, (*8)

SilverStripe\Core\Injector\Injector:
  SilverStripe\Security\PasswordValidator:
    properties:
      MinTestScore: 3

Guidance

Passwords will be given a score by the validator; that score can range from 0 - 4, with 0 being the worst and 4 the best., (*9)

In reality a score of 3 is going to be acceptable on most sites; enforcing a score of 4 will become very frustrating for most users., (*10)

The Versions

16/07 2018

dev-pulls/testing

dev-pulls/testing

Realistic SilverStripe password strength validator based on Zxcvbn PHP

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Dan Hensby

validator security password silverstripe zxcvbn

16/07 2018

dev-master

9999999-dev

Realistic SilverStripe password strength validator based on Zxcvbn PHP

  Sources   Download

BSD-3-Clause

The Requires

 

by Dan Hensby

validator security password silverstripe zxcvbn

14/07 2018

0.1.2

0.1.2.0

Realistic SilverStripe password strength validator based on Zxcvbn PHP

  Sources   Download

BSD-3-Clause

The Requires

 

by Dan Hensby

validator security password silverstripe zxcvbn

14/07 2018

0.1.1

0.1.1.0

Realistic SilverStripe password strength validator based on Zxcvbn PHP

  Sources   Download

BSD-3-Clause

The Requires

 

by Dan Hensby

validator security password silverstripe zxcvbn

14/07 2018

0.1.0

0.1.0.0

Realistic SilverStripe password strength validator based on Zxcvbn PHP

  Sources   Download

BSD-3-Clause

The Requires

 

by Dan Hensby

validator security password silverstripe zxcvbn