Use zxcvbn for password requirements

Question

Use zxcvbn for password requirements

Closed this issue 3 years ago · 3 comments

Answer 1 · 2021-09-16T07:11:35.000Z

Will implement a port for this library in PPM.

Answer 2 · 2021-09-16T07:13:46.000Z

The documentation should be updated to specify that the server is responsible for checking if the password is secured or not and it is not required to follow a standard, however if any suggestions were to be made it would be to use zxcvbn for checking the security of a password

@the-blank-x

Answer 3 · 2021-09-18T13:18:20.000Z

Added support for this, the error InvalidPassword (Code, 8449), will contain a message explaining why the password is weak instead of a generic "The password is invalid" response, however! Implementing zxcvbn is only a server side feature and NOT CONSIDERED STANDARD, the server set it's own policies to determine what it considers a safe password or not if it even supports it in the first place. Socialvoid's standard is designed to support multiple methods of authentication and passwords are not a requirement.