@avensio/pw-strength
v0.3.1
Published
Password Strength Checker using HTML 5 Attributes and the Validation API
Downloads
6
Readme
Password Strength Checker
This is a Vue 3 component for strength checking a password input, while providing hints on current requirements.
It uses HTML 5 Attributes - like maxLength, size, pattern - on a password input to validate the password. The setCustomValidity
function from the Constraint Validation API is used to display a hint.
vue-i18n needs to be installed in your project to use this component. Translations for de, en and fr are provided. Other translations can be defined globally.
An id
of a password input is required. A second, optional, id can be provided as confirmId
, which refers to the password confirmation (retype password) input element. The password input elements aren't styled by default. To apply the valid
and invalid
state style, provide pws
as an attribute on the primary password input and pws-confirm
on the secondary input.
When the icon should be displayed on the right instead of the left, provide one of the following classes on the input: .icon-right, .icon-right-1 .icon-right-2
.
After mounting the component, the HTML Attributes are added to the input element and also listeners are attached for checking the password (input
) and show(focus
)/hide(blur
) the hints.
To use this component you need to import the component itself, and it's style with:
import PasswordStrength from '@avensio/pw-strength'
import '@avensio/pw-strength/style.css'
Here are all component properties and their default values:
for: null,
confirmId: null,
minLength: 10,
maxLength: 140,
needSpecialChar: true,
needLowerCaseChar: true,
needCapital: true,
needDigit: true,
needDiacritic: false,
needUmlaut: false,
backgroundColor: 'rgba(220, 230, 240, 1)',
boxShadow: '0 0 2px #2c3e50',
checkboxTransition: '0.6s',
passwordInputTransition: '0.4s'
The last 4 properties values are CSS values (background
, box-shadow
, transition
).
Special characters are defined as follows and can be changed by providing a disjunction as regular expression:
specialCharacters: /!|§|\$|%|&|\/|\(|\)|=|\?|\*|\+|~|#|-|_|\.|:|,|;|\^|°/
Symbols reserved for Regular Expressions needs to be escaped! (e.g. \^
instead of ^
; \.
instead of .
)
Inspect the password element with the used browser dev tools to see the html attributes set. When focusing the background changes to current validity state and the input element itself gets a hint attached. In addition, a container with all hints is shown beneath the password input.
Be aware that when a password comply to the default configuration, the password has the following keyspace and key length (without diacritic signs, umlauts etc.):
Lower case letters: l = 26
Capital letters: c = 26
Digits: 0-9 -> d = 10
Special characters: s = 21
min length: m = 10
All symbols:
l + c + d + s
26 + 26 + 10 + 21 = 83
when m = 8
keyspace: 83^m = 83^8 about 2.25 * 10^15, or 2^51
key length: log2(83^8) about 51, so 51 bit
when m = 10
keyspace: 83^10 about 1.55 * 10^19, or 2^63.75
key length: log2(83^10) about 63.75, so 64 bit
when m = 11
keyspace: 83^11 about 1.29 * 10^21, or 2^70.13
key length: log2(83^11) about 70,13, so 71 bit
when m = 12
keyspace: 83^12 about 1.07 * 10^23, or 2^76.5
key length: log2(83^12) about 76,5, so 77 bit
when m = 13
keyspace: 83^13 about 8.87 * 10^24, or 2^82.87
key length: log2(83^13) about 82.87, so 83 bit
when m = 14
keyspace: 83^14 about 7.36 * 10^26, or 2^89.25
key length: log2(83^14) about 89.25, so 90 bit
when m = 15
keyspace: 83^15 about 6.11 * 10^28, or 2^95.63
key length: log2(83^15) about 95.63, so 96 bit
when m = 16
keyspace: 83^16 about 5.07 * 10^30, or 2^102
key length: log2(83^16) about 102 bit
when m = 17
keyspace: 83^17 about 4.21 * 10^32, or 2^108.38
key length: log2(83^17) about 108.38, so 109 bit
when m = 18
keyspace: 83^18 about 3.49 * 10^34, or 2^114.75
key length: log2(83^18) about 114.75, so 115 bit
when m = 19
keyspace: 83^19 about 2.9 * 10^36, or 2^121.13
key length: log2(83^19) about 121.13, so 122 bit
when m = 20
keyspace: 83^20 about 2.41 * 10^38, or 2^127.5
key length: log2(83^20) about 127.5, so 128 bit
What I learned, future-proof is about 128-bit key length and 64-bit is searchable in days (with brute-force).
Therefore, to have a future-proof password, you need at least 20 Characters with the default configuration.
This, of course, may vary with another source.
It is possible to increase the amount of symbols, instead of increasing the minimum password length. Just pass the default specialCharacters
Regex, plus some extra characters, over to the component. But, this has not that much effect on the actual key length, as increasing the minimum password length (m).