[Xon] Password Tools

[Xon] Password Tools 3.14.1

Нет прав на скачивание
Совместимость с XF
  1. 2.3.x
  2. 2.2.x
Краткое описание
Enhance user account security with our password strength estimator inspired by Dan Wheeler's zxcvbn. Force minimum length, strength and exclude blacklist words for added safety. Stay protected from compromised passwords using NIST-recommended Pwned Passwords service. Easy styling through XenForo Style Properties.
password_strength.webp

This modification mostly follows the principles of Dan Wheelers password strength estimator zxcvbn. It does not weight password strength by their combination of upper/lower letters, special characters and numbers, but on how easy they are to crack in reality.
To increase the safety of your users account, you can force them to use passwords of a minimum length, minimum strength and even force them to exclude certain words from their passwords (like your site name, the topic your site refers to, etc.).
But the other side of the equation, is no matter how secure the password is, if it has been compromised not password strength estimator will help make it better. As such NIST has the following guidance: check passwords against those obtained from previous data breaches. Pwned Password integration does that.
zxcvbn Readme said:
zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative entropy calculations, it recognizes and weighs 10k common passwords, common names and surnames according to US census data, popular English words, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.
Consider using zxcvbn as an algorithmic alternative to password policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".
Pwned password said:
Password reuse and credential stuffing
Password reuse is normal. It's extremely risky, but it's so common because it's easy and people aren't aware of the potential impact. Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.
NIST's guidance: check passwords against those obtained from previous data breaches
The Pwned Passwords service was created in August 2017 after NIST released guidance specifically recommending that user-provided passwords be checked against existing data breaches . The rationale for this advice and suggestions for how applications may leverage this data is described in detail in the blog post titled Introducing 306 Million Freely Downloadable Pwned Passwords. In February 2018, version 2 of the service was released with more than half a billion passwords, each now also with a count of how many times they'd been seen exposed.
Click to expand...
Features
  • Show password feature, allow users to toggle to see what they have actually entered.
  • Show users how strong their passwords really are when it comes to crack-attempts
  • Deliver instant feedback if password and password-confirm match and/or certain requirements are not met
  • Force users to choose passwords with a minimum strength
  • Force users to choose passwords with a minimum length
  • Force users to chooce a password not containing words from a blacklist you define
  • No cheating: This modification also controls users passwords on server side with Ben Jeavos php-implementation of zxcvbn.
  • Easy styling through XenForo Style Properties
Options
style-properties.webp
  • password_login_hide.webp
    password_login_hide.webp
    16.3 КБ · Просмотры: 0
  • password_login_show.webp
    password_login_show.webp
    16.4 КБ · Просмотры: 0
  • style-properties.webp
    style-properties.webp
    38.5 КБ · Просмотры: 0
Автор
newimage
Просмотры
1,246
Тип расширения
zip
Размер файла
496.4 КБ
Первый выпуск
Последнее обновление
Оценки 0.00 звезды 0 оценок
Ссылка не работает? Отправить сообщение команде NP, и мы поможем вам очень быстро!
Поддержите разработчика Если вы довольны тестом или ваш проект приносит доход, нажмите кнопку «Больше информации», чтобы поддержать разработчика покупкой.

Последние обновления

  1. 3.14.1 - change log
    Require StandardLib v1.23.0+ Add Custom 2fa device trust lifetime option (default disabled) Phrase to customize...
  2. 3.13.1 - change log
    Remove unused style properties
  3. 3.13.0 - change log
    Require StandardLib v1.22.0+ Reduce pwnedpassword check HTTP request time-out from 2 seconds to 1 second as this blocks the login request...

Больше Ресурсов от newimage

Falang для YOOtheme Pro Joomla N
Falang für Plugin zum YOOtheme-Berätler macht die Übersetzung Ihrer YOOtheme-Berätler-Seite einfacher.
Просмотры
695
Обновлено
Аудит SEO - Аналитика SEO, Слегкое URL, Изображение и Сайт-мап N
Найдите первое место в Hit Google с помощью лучших практик SEO 2021! Очень хорошая
Просмотры
1,723
Обновлено

Похожие ресурсы

[BS] GitHub Dev Tools Y
add-on automatically creates a symlink.
Просмотры
625
Обновлено
[AndyB] Approval queue tools A
Allows mass updating of approval queue content.
Просмотры
890
Обновлено
[AndyB] Forum password A
A table called xf_forum_password is created in the database.
Просмотры
588
Обновлено
Назад
Вверх