Password not strong enough

[planetahuevo]

Not sure how the system try to check if a password is strong or not, but 64 characters with 256bit key autogenerated password should be enough.
But it is not.
I suggest to change the way to check the passwords on the system.

Thanks

[niftylettuce]

That's odd @planetahuevo - we use strength, and it looks like this issue is related. ruffrey/strength#2

[planetahuevo]

Can you use something like https://github.com/mkopinsky/zxcvbn-php ?
https://lowe.github.io/tryzxcvbn/
It seems that strength has not been updated for a while.

[niftylettuce]

Yeah, was hooking in zxcvbn right now https://github.com/dropbox/zxcvbn

[planetahuevo]

The one I have linked is the most updated fork, have a look into that one and the issues with a long discussion about that. As far as I know, that one has evolved and it a little different (and better imho).

[niftylettuce]

We don't use PHP

[planetahuevo]

Oh, that is true. Sorry I forgot that link was for a php project. :)

[niftylettuce]

It's ok - if you find a better JS alternative let me know, I'm going to look into this more before integrating one solution vs. another

[planetahuevo]

I will,but that one is good enough as far as I know.
In any case, just force people to get 40 characters and you are good to go ;)

[niftylettuce]

Closed via #17 - I will be deploying this in the next release soon.