hardpass
v0.1.4
Lightweight password strength checker that enforces a strong password policy.
features
- >99% smaller than zxcvbn: just 2.0K gzipped, 4.8K minified, 8.7K uncompressed
- Feedback messages for weak passwords
- Familiar API
- Easy to [use with React](https://github.com/akrawchyk/react-use-hardpass)
install
```sh
npm install hardpass --save
# or with yarn
yarn add hardpass
```
usage
```js
const hardpass = require('hardpass');

hardpass('qwerty123');
/*
{
  score: 0,
  feedback: {
    warning: 'Not complex enough',
    suggestions: [
      'Try adding at least 1 upper case character',
      'Try adding at least 1 special character',
      'Must be at least 10 characters long'
    ]
  }
}
*/

hardpass('Cm;cF*1f5L');
/*
{
  score: 4
}
*/
```
policy
Inspired by OWASP Proper Password Strength Controls.
implemented
- Password length
  - at least 10 characters
  - at most 128 characters
- Password complexity
  - at least 3 of:
    - at least 1 uppercase character (A-Z)
    - at least 1 lowercase character (a-z)
    - at least 1 digit (0-9)
    - at least 1 special character (punctuation): `` !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ``
  - not more than 2 identical characters in a row (e.g., 111 not allowed)
- Password topologies
- Feedback messages
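
The length and complexity rules listed above, written out as an added JavaScript sketch. This is not hardpass's source code: `checkPolicy` and its failure messages are hypothetical names, and password topologies are not covered.

```javascript
// Added sketch of the length and complexity rules listed above.
// checkPolicy and its messages are hypothetical; this is not hardpass's source.
const SPECIALS = new Set('!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~');

function checkPolicy(password) {
  const chars = Array.from(password); // count code points, not UTF-16 units
  const failures = [];

  if (chars.length < 10) failures.push('Must be at least 10 characters long');
  if (chars.length > 128) failures.push('Must be at most 128 characters long');

  // Complexity: at least 3 of the 4 character classes must be present.
  const classes = {
    'upper case character': chars.some((c) => c >= 'A' && c <= 'Z'),
    'lower case character': chars.some((c) => c >= 'a' && c <= 'z'),
    'digit': chars.some((c) => c >= '0' && c <= '9'),
    'special character': chars.some((c) => SPECIALS.has(c)),
  };
  const missing = Object.keys(classes).filter((name) => !classes[name]);
  if (missing.length > 1) {
    for (const name of missing) failures.push(`Try adding at least 1 ${name}`);
  }

  // No more than 2 identical characters in a row (e.g. "111" is rejected).
  let run = 1;
  for (let i = 1; i < chars.length; i++) {
    run = chars[i] === chars[i - 1] ? run + 1 : 1;
    if (run > 2) {
      failures.push('Must not repeat a character more than 2 times in a row');
      break;
    }
  }
  return { ok: failures.length === 0, failures };
}

// Constructed sample inputs (the first two come from the usage section).
for (const pw of ['qwerty123', 'Cm;cF*1f5L', 'Passw000rd!x']) {
  console.log(pw, checkPolicy(pw));
}
```

Run the same check on the server as well as in the browser, since client-side validation can be bypassed.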
planned
- Configurable feedback messages
- Configurable password dictionaries
motivation
zxcvbn.js bundled and minified is about 400kB gzipped or 820kB uncompressed, most of which is dictionaries.
We can eliminate the majority of weak passwords by enforcing baseline recommended security policies for strong passwords.
We can prune common password dictionaries to reduce their footprint as well, and provide different configurations for file-size tradeoffs.