jiriferkl/dumbpass

Smart control of dumb passwords. Guard your users from security problems by preventing them from having dumb passwords.

v1.0.1 2017-01-25 16:28 UTC

README

Latest Stable Version Build Status PHPStan License

Smart control of dumb passwords. Guard your users from security problems by preventing them from having dumb passwords.

Introduction

This package can be used to verify the user password. It checks list of 10,000 worst passwords as analyzed by an IT security analyst.

With this package you have to set absolutely nothing. Everything is pre-set. But you can set everything you like.

This package

  • Checks password strength (length, numbers, capital letters..) Default settings is bellow.
  • Checks list of 10,000 worst passwords
  • Returns result in simple object which contains:
    • boolean result variable
    • array with error messages (If any)
  • Default language is EN but you can choose another (examples bellow)

Install

Via composer

composer require jiriferkl/dumbpass

You must have PHP 7.0.

Use

Default setting is:

  • Minimum length 9 characters
  • Password has to contain at least one number
  • Password has to contain at least one capital letter
  • Password has to contain at least one lower case letter
  • Password has to contain at least one special character
  • Password has to be original not just too common

So it is very simple:

$pass = 'P@ss_wo!rd!5';

$result = DumbPass::verify($pass);

I don't want to use default setting

So go ahead.

$pass = 'P@ss_wo!rd!5';

$criteria = new Criteria();
$criteria->enforceCapitalChars(TRUE)
	->enforceNumberChars(TRUE)
	->enforceSpecialChars(TRUE)
	->enforceLowerCaseChars(TRUE)
	->allowCommonPassCheck(TRUE)
	->setLength(8);

$result = DumbPass::verify($pass, $criteria);

Can I choose different language please?

Yes.

$pass = 'P@ss_wo!rd!5';

//null -> default object
$result = DumbPass::verify($pass, NULL, Localization::get(Localization::CZ));

My language isn't an option

Well you have two options:

  • Send pull request (It's easy and it's only a few lines.)
  • Implements interface and make your own Messages class. It has one simple method.
$pass = 'P@ss_wo!rd!5';

$messages = new Messages(); //implements IMessage

//null -> default object
$result = DumbPass::verify($pass, NULL, NULL, $messages);

Now the messages are in your language. Congrats.

Do you have your own most common password list?

OK.

$pass = 'P@ss_wo!rd!5';

$passList = new PassList(); //implements IPassList

//null -> default object
$result = DumbPass::verify($pass, NULL, NULL, NULL, $passList);

Test

composer test