Plugin for Devise to reject weak passwords, using zxcvbn-ruby, which is a Ruby port of zxcvbn: realistic password strength estimation. By default, the user's password is rejected if its score is below 4. The plugin also passes the email to zxcvbn as user input, so that passwords containing the email score lower.
The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than 10^2, 10^4, 10^6, 10^8, Infinity.
Add this line to your application's Gemfile:
```ruby
gem 'devise_zxcvbn'
```

```ruby
class User < ActiveRecord::Base
  devise :database_authenticatable, :validatable, :zxcvbnable
end
```
A score of less than 3 is not recommended.
```ruby
Devise.setup do |config|
  config.min_password_score = 4
end
```

Example error message. The `score` and `min_password_score` variables are also passed through if you need them.

```yaml
# config/locales/devise.en.yml
en:
  errors:
    messages:
      weak_password: "Password not strong enough. Consider adding a number, symbols or more letters to make it stronger."
```
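The following is an added example, not code from devise_zxcvbn or zxcvbn-ruby. It models the decision described above in plain Ruby: an estimated crack time is mapped to a score, compared with `min_password_score`, and the two variables are interpolated into the message. The helper names `score_for` and `weak_password_error` and the message template are hypothetical; in the plugin the estimate comes from zxcvbn-ruby.

```ruby
# Added illustration; not code from devise_zxcvbn or zxcvbn-ruby.
# Upper bounds (seconds of estimated crack time) for scores 0..3, as listed above.
SCORE_THRESHOLDS = [10**2, 10**4, 10**6, 10**8].freeze

# Constructed message template; %{...} is the interpolation style Rails I18n uses.
WEAK_PASSWORD_TEMPLATE =
  "Password not strong enough (score %{score}, minimum %{min_password_score})."

# Hypothetical helper: map an estimated crack time to a score of 0..4.
# "Less than" is strict, so exactly 10**4 seconds is score 2, not 1.
def score_for(crack_time_seconds)
  SCORE_THRESHOLDS.index { |limit| crack_time_seconds < limit } || 4
end

# Hypothetical helper: nil when the password passes, else the error text.
def weak_password_error(crack_time_seconds, min_password_score: 4)
  score = score_for(crack_time_seconds)
  return nil if score >= min_password_score

  format(WEAK_PASSWORD_TEMPLATE, score: score, min_password_score: min_password_score)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample crack times, in seconds.
  [50, 10**4, 5_000_000, Float::INFINITY].each do |seconds|
    puts "#{seconds}s -> score #{score_for(seconds)}: " \
         "#{weak_password_error(seconds) || 'accepted'}"
  end
end
```

With the default minimum of 4, only a password whose estimated crack time is at least 10^8 seconds is accepted.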
- Fork it
- Create your feature branch (`git checkout -b my-new-feature`)
- Commit your changes (`git commit -am 'Add some feature'`)
- Push to the branch (`git push origin my-new-feature`)
- Create new Pull Request