Support » Plugin: WC Password Strength Settings » Each level requirements

  • Resolved vannevar1

    (@vannevar1)


    Hi and thanks for the plugin.
    I set it up for my site and it works great.
    The only thing missing is the password requirements for each level so I can
    put them in the Hint message.
    I understand that those requirements are set by woocommerce but I couldn’t
    find them anywhere, so I thought I would check with you 🙂

    • This topic was modified 5 months ago by vannevar1.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Danny Santoro

    (@danielsantoro)

    Automattic Happiness Engineer

    Hi @vannevar1

    Sure thing! I’ve written a guide to explain how the passwords are calculated here: https://github.com/DanielSantoro/wc-password-strength-settings/wiki/How-Password-Strength-is-Determined

    In short it’s kind of complicated – capitals and symbols and numbers help, but length is almost always the key factor.

    An example of a password that is easy to break is Drag0nz!. That password would work for most sites (even banks and government sites), since the standard seems to be eight characters, a capital, a number, and a symbol. However, it would on average be cracked by a computer attempting a login 10 times a second within half an hour.

    This is insecure because:
    1. For some reason, “dragons” is one of the top ten most popular passwords worldwide.
    2. Capitalization typically doesn’t matter – a computer can guess hundreds, thousands, or even millions of times per hour so it doesn’t take long to get to that by just guessing.
    3. Numbers replacing letters is an extremely easy thing to switch, since there’s only a few letters that you can do that with.

    On the other side, this password is easier to remember (in my opinion): paper folder in a box. I made that up because next to me, there is a paper folder in a box. It’s easy to remember, and even if a dedicated supercomputer was guessing ten billion times per second, it would still take three years on average to break the password.

    Hopefully this helped give you some insight, and the documentation I linked to should have some more examples. 🙂

    Thread Starter vannevar1

    (@vannevar1)

    First of all thank you for replying.

    I had already read your guide when I posted the questions. I understand the logic by which the strength is determined. My problem is that if, for example, I pick strength level 4, I need to put a HINT TEXT, explaining to people what kind of password they need to make. For example, do they need 8, 9, 10 digits? Do they need both letters and numbers? Do they need special characters?

    Plugin Author Danny Santoro

    (@danielsantoro)

    Automattic Happiness Engineer

    In each level, you should be able to customize the message, so if it’s weak, you could say:

    “Weak Password: please use at least 12 characters, a number, and a special character”

    Then copy that to other levels, like:

    “Medium Password: please use at least 12 characters, a number, and a special character”

    Right now there isn’t a separate area to add information about length or requirements, though it is on the roadmap in the future.

    Thread Starter vannevar1

    (@vannevar1)

    So for level 4 you need 12 characters, a number and a special character?
    What about level 3?

    Plugin Author Danny Santoro

    (@danielsantoro)

    Automattic Happiness Engineer

    There aren’t rules like that to determine the password in WordPress/WooCommerce/this plugin. WordPress uses some code called zxcvbn (Link Here).

    So, there aren’t requirements for a special character or number for each level, it looks at your password from a broader point of view.
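
The point of the last reply, as an added example that is not part of the thread and is not the plugin's or zxcvbn's code: a composition rule and a guess-count estimate can disagree about the same password. The dictionary, its ranks and the estimator are constructed simplifications, so the guess counts are not zxcvbn's output; only the 0-4 score thresholds are the ones listed in zxcvbn's README.

```javascript
// Added illustration, not zxcvbn's algorithm: composition rule vs. guess estimate.
// Constructed sample dictionary: word -> popularity rank (assumed values).
const COMMON = { password: 1, a: 5, dragon: 10, in: 20, dragonz: 40,
                 box: 700, paper: 900, folder: 2500 };
const LEET = { 0: 'o', 1: 'l', 3: 'e', 4: 'a', 5: 's', 7: 't' };

// The "eight characters, a capital, a number, and a symbol" rule.
function meetsCompositionRule(pw) {
  return pw.length >= 8 && /[A-Z]/.test(pw) && /[0-9]/.test(pw) &&
         /[^A-Za-z0-9]/.test(pw);
}

// Search space for a token that matches no dictionary word.
function bruteForceGuesses(token) {
  let pool = 0;
  if (/[a-z]/.test(token)) pool += 26;
  if (/[A-Z]/.test(token)) pool += 26;
  if (/[0-9]/.test(token)) pool += 10;
  if (/[^A-Za-z0-9]/.test(token)) pool += 33;
  return Math.pow(pool, token.length);
}

// Dictionary rank times the cheap variations a guesser tries, else brute force.
function tokenGuesses(token) {
  const core = token.replace(/[^A-Za-z0-9]+$/, '');   // drop trailing symbols
  const plain = core.toLowerCase().replace(/[013457]/g, d => LEET[d]);
  const rank = COMMON[plain];
  if (typeof rank !== 'number') return bruteForceGuesses(token);
  const swaps = (core.match(/[013457]/g) || []).length; // digit-for-letter swaps
  const caps = /[A-Z]/.test(core) ? 2 : 1;              // capitalised or not
  return rank * caps * 2 ** swaps * 33 ** (token.length - core.length);
}

// Space-separated words are treated as independent, so their counts multiply.
function estimateGuesses(pw) {
  return pw.split(' ').filter(Boolean).map(tokenGuesses).reduce((a, b) => a * b, 1);
}

// 0-4 score from the guess count (thresholds 10^3, 10^6, 10^8, 10^10).
function scoreFromGuesses(guesses) {
  return [1e3, 1e6, 1e8, 1e10].filter(limit => guesses >= limit).length;
}

// Prints: password, passes the composition rule?, estimated guesses, score.
for (const pw of ['Drag0nz!', 'paper folder in a box']) {
  const guesses = estimateGuesses(pw);
  console.log(pw, meetsCompositionRule(pw), guesses, scoreFromGuesses(guesses));
}
```

Because the score comes from an estimated guess count rather than a checklist, a hint text can only suggest habits that raise that count (longer, multi-word, uncommon), not state exact per-level requirements.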
