npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@avensio/pw-strength

v0.3.1

Published

Password Strength Checker using HTML 5 Attributes and the Validation API

Downloads

6

Readme

Password Strength Checker

This is a Vue 3 component for strength checking a password input, while providing hints on current requirements.

It uses HTML 5 Attributes - like maxLength, size, pattern - on a password input to validate the password. The setCustomValidity function from the Constraint Validation API is used to display a hint.

vue-i18n needs to be installed in your project to use this component. Translations for de, en and fr are provided. Other translations can be defined globally.

An id of a password input is required. A second, optional, id can be provided as confirmId, which refers to the password confirmation (retype password) input element. The password input elements aren't styled by default. To apply the valid and invalid state style, provide pws as an attribute on the primary password input and pws-confirm on the secondary input.

When the icon should be displayed on the right instead of the left, provide one of the following classes on the input: .icon-right, .icon-right-1 .icon-right-2.

After mounting the component, the HTML Attributes are added to the input element and also listeners are attached for checking the password (input) and show(focus)/hide(blur) the hints.

To use this component you need to import the component itself, and it's style with:

import PasswordStrength from '@avensio/pw-strength'
import '@avensio/pw-strength/style.css'

Here are all component properties and their default values:

for: null,
confirmId: null,
minLength: 10,
maxLength: 140,
needSpecialChar: true,
needLowerCaseChar: true,
needCapital: true,
needDigit: true,
needDiacritic: false,
needUmlaut: false,
backgroundColor: 'rgba(220, 230, 240, 1)',
boxShadow: '0 0 2px #2c3e50',
checkboxTransition: '0.6s',
passwordInputTransition: '0.4s'

The last 4 properties values are CSS values (background, box-shadow, transition).

Special characters are defined as follows and can be changed by providing a disjunction as regular expression:

specialCharacters: /!|§|\$|%|&|\/|\(|\)|=|\?|\*|\+|~|#|-|_|\.|:|,|;|\^|°/

Symbols reserved for Regular Expressions needs to be escaped! (e.g. \^ instead of ^; \. instead of .)

Inspect the password element with the used browser dev tools to see the html attributes set. When focusing the background changes to current validity state and the input element itself gets a hint attached. In addition, a container with all hints is shown beneath the password input.

Hints

Be aware that when a password comply to the default configuration, the password has the following keyspace and key length (without diacritic signs, umlauts etc.):
Lower case letters: l = 26
Capital letters: c = 26
Digits: 0-9 -> d = 10
Special characters: s = 21
min length: m = 10

All symbols:
l + c + d + s
26 + 26 + 10 + 21 = 83

when m = 8
keyspace: 83^m = 83^8 about 2.25 * 10^15, or 2^51
key length: log2(83^8) about 51, so 51 bit

when m = 10
keyspace: 83^10 about 1.55 * 10^19, or 2^63.75
key length: log2(83^10) about 63.75, so 64 bit

when m = 11
keyspace: 83^11 about 1.29 * 10^21, or 2^70.13
key length: log2(83^11) about 70,13, so 71 bit

when m = 12
keyspace: 83^12 about 1.07 * 10^23, or 2^76.5
key length: log2(83^12) about 76,5, so 77 bit

when m = 13
keyspace: 83^13 about 8.87 * 10^24, or 2^82.87
key length: log2(83^13) about 82.87, so 83 bit

when m = 14
keyspace: 83^14 about 7.36 * 10^26, or 2^89.25
key length: log2(83^14) about 89.25, so 90 bit

when m = 15
keyspace: 83^15 about 6.11 * 10^28, or 2^95.63
key length: log2(83^15) about 95.63, so 96 bit

when m = 16
keyspace: 83^16 about 5.07 * 10^30, or 2^102
key length: log2(83^16) about 102 bit

when m = 17
keyspace: 83^17 about 4.21 * 10^32, or 2^108.38
key length: log2(83^17) about 108.38, so 109 bit

when m = 18
keyspace: 83^18 about 3.49 * 10^34, or 2^114.75
key length: log2(83^18) about 114.75, so 115 bit

when m = 19 keyspace: 83^19 about 2.9 * 10^36, or 2^121.13
key length: log2(83^19) about 121.13, so 122 bit

when m = 20
keyspace: 83^20 about 2.41 * 10^38, or 2^127.5
key length: log2(83^20) about 127.5, so 128 bit

What I learned, future-proof is about 128-bit key length and 64-bit is searchable in days (with brute-force).
Therefore, to have a future-proof password, you need at least 20 Characters with the default configuration.

This, of course, may vary with another source.

It is possible to increase the amount of symbols, instead of increasing the minimum password length. Just pass the default specialCharacters Regex, plus some extra characters, over to the component. But, this has not that much effect on the actual key length, as increasing the minimum password length (m).