WordPress.org

Forums

Zxcvbn
[resolved] forcing strong passwords (6 posts)

  1. Steve Taylor
    Member
    Posted 1 year ago #

    I do the Force Strong Passwords plugin (http://wordpress.org/plugins/force-strong-passwords/). I just read about WP 3.7 switching to zxcvbn. My plugin replicates the current password strength JS in PHP, in order to do server-side validation on the user edit screen, and force strong passwords to be used for users with "executive" capabilities.

    A quick look at the zxcvbn script tells me replicating this might be a tall order! I can't see any attempts to port it to PHP around. Are you aware of anything like this? Any plans to implement something to force strong passwords in your zxcvbn plugin?

    http://wordpress.org/plugins/zxcvbn/

  2. Samuel Wood (Otto)
    WordPress.org Tech Guy
    Plugin Author

    Posted 1 year ago #

    No plans to do that, no. And yes, porting that would be very difficult indeed. :)

  3. arivuword
    Member
    Posted 1 year ago #

    I am using the force strong password plugin. I have customized the code in force strong password plugin for this password requirement(The password should be six to eight characters long. Use Alpha numeric with at least one special character.)

    If we entered the six to eight characters with 1 alpha numeric and 1 special character. then the strength indicator noted as weak password.

    but the user is uploaded success fully. How to change the password weak to strong?

    Kindly help me.

  4. Steve Taylor
    Member
    Posted 1 year ago #

    @arivuword, first off this thread is about the zxcvbn plugin, not my Force Strong Passwords (looks like the zxcvbn plugin is dead now, since that functionality is part of core).

    Second, I doubt it's a good idea to modify the use of the zxcvbn criteria for strong passwords. AFAIK it's a solid, well-researched bit of code. Switching back to now-archaic (but still widely used) criteria like those you describe isn't really worth it.

    Third, I don't have much time at the moment, and while I'm happy to look into bugs you might have found in the plugin, I'm not able to handle feature requests and hacks, sorry!

    Fourth, even if I did have time, it would be hard to help you as I have no idea what code changes you've made. When you do ask for coding help, always give access to the code you're working with in some way. :-)

  5. arivuword
    Member
    Posted 1 year ago #

    ok thanks for your reply. How can i change the weak password (more than 6characters) to strong in wp-admin/js/password-strength-meter.min.js,user-profile.min.js

  6. Steve Taylor
    Member
    Posted 1 year ago #

    No idea. In any case, that's a core file, and shouldn't be modified.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic