vse / passwordstrength
An extension for phpBB that will show users the strength of a password as they type it into the password field when creating or updating their account.
Package info
github.com/iMattPro/passwordstrength
Type:phpbb-extension
pkg:composer/vse/passwordstrength
Requires
- php: >=7.1.3
- composer/installers: ^1.0 || ^2.0
README
An extension for phpBB that shows users the strength of a password as they type it when registering, changing their password, or editing a user in the ACP.
Demo
Try it out yourself here: (Online Demo)
Features
- Adds an accessible password strength meter beside password fields.
- Password strength is labeled as "Very Weak", "Weak", "Good", "Strong" or "Very Strong".
- Password strength is active on user-facing registration/account password forms and supported ACP user password forms.
- Password strength is scored using one of the available algorithms:
- Complexity checks for a mix of characters, case, symbols, numbers and length. This can encourage complex passwords, but can score easily cracked passwords like
P@s$w0rdas strong. - zxcvbn calculates how guessable a password is by comparing it to dictionaries and recognizable patterns. This is a more robust strength checker that allows user-friendly passwords that are easy to remember but still hard to guess.
- Complexity checks for a mix of characters, case, symbols, numbers and length. This can encourage complex passwords, but can score easily cracked passwords like
- The zxcvbn algorithm displays localized feedback about weak passwords when available.
- zxcvbn dictionary/feedback support is included for Arabic, Croatian, Czech, Danish, Dutch (Belgium), English, Finnish, French, German, Indonesian, Italian, Japanese, Kurdish, Persian, Polish, Portuguese (Brazil), Romanian, Spanish, Thai, Turkish and Chinese.
Requirements
- phpBB 3.3.10 or newer.
- PHP 7.1.3 or newer.
Awards
- Featured MOD of the Week in the phpBB Weekly Podcast, episode #166.
Install
- Download the latest validated release.
- Unzip the downloaded release and copy it to the
extdirectory of your phpBB board. - Navigate in the ACP to
Customise -> Manage extensions. - Look for
Password Strengthunder the Disabled Extensions list and click itsEnablelink. - Choose a password strength algorithm under
ACP -> General -> User registration settings -> Password strength algorithm.
Uninstall
- Navigate in the ACP to
Customise -> Manage extensions. - Click the
Disablelink for Password Strength. - To permanently uninstall, click
Delete Data, then delete thepasswordstrengthfolder fromphpBB/ext/vse/.
Disclaimer
Password Strength is intended to encourage forum users to choose stronger passwords. It does not guarantee protection against password attacks, and it does not replace phpBB's server-side password validation or password confirmation checks. Password scoring is an estimate, so choose the strength algorithm that best fits your forum.
License
© 2013 - Matt Friedman