Skip to content

akrawchyk/hardpass

Repository files navigation

hardpass npm CircleCI

Lightweight password strength checker that enforces a strong password policy.

features

install

npm install hardpass --save

# or with yarn

yarn add hardpass

usage

const hardpass = require('hardpass');

hardpass('qwerty123');
/*
{
  score: 0,
  feedback: {
    warning: 'Not complex enough',
    suggestions: [
      'Try adding at least 1 upper case character',
      'Try adding at least 1 special character',
      'Must be at least 10 characters long'
    ]
  }
}
*/

hardpass('Cm;cF*1f5L');
/*
{
  score: 4
}
*/

policy

Inspired by OWASP Proper Password Strenth Controls.

implemented

  • Password length
    • at least 10 characters
    • at most 128 characters
  • Password complexity
    • at least 3 of:
      • at least 1 uppercase character (A-Z)
      • at least 1 lowercase character (a-z)
      • at least 1 digit (0-9)
      • at least 1 special character (punctuation) — !"#$%&'()*+,-./:;<=>?@[\\\]^_\{|}~`
    • not more than 2 identical characters in a row (e.g., 111 not allowed)
  • Password topologies
  • Feedback messages

planned

  • Configurable feedback messages
  • Configurable password dictionaries

motivation

zxcvbn.js bundled and minified is about 400kB gzipped or 820kB uncompressed, most of which is dictionaries.[link]

We can eliminate the majority of weak passwords by enforcing baseline recommended security policies for strong passwords.

We can prune common password dictionaries to reduce their footprint as well, and provide different configurations for file-size tradeoffs.

license

MIT © Andrew Krawchyk

About

Lightweight password strength checker that enforces a strong password policy.

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published