vse/passwordstrength

An extension for phpBB that will show users the strength of a password as they type it into the password field when creating or updating their account.

Maintainers

Package info

github.com/iMattPro/passwordstrength

Type:phpbb-extension

pkg:composer/vse/passwordstrength

Transparency log

Statistics

Installs: 47

Dependents: 0

Suggesters: 0

Stars: 12

Open Issues: 0

1.3.1 2025-12-17 22:44 UTC

This package is auto-updated.

Last update: 2026-06-23 03:35:34 UTC


README

An extension for phpBB that shows users the strength of a password as they type it when registering, changing their password, or editing a user in the ACP.

Build Status codecov Latest Stable Version

Demo

Try it out yourself here: (Online Demo)

Features

  • Adds an accessible password strength meter beside password fields.
  • Password strength is labeled as "Very Weak", "Weak", "Good", "Strong" or "Very Strong".
  • Password strength is active on user-facing registration/account password forms and supported ACP user password forms.
  • Password strength is scored using one of the available algorithms:
    1. Complexity checks for a mix of characters, case, symbols, numbers and length. This can encourage complex passwords, but can score easily cracked passwords like P@s$w0rd as strong.
    2. zxcvbn calculates how guessable a password is by comparing it to dictionaries and recognizable patterns. This is a more robust strength checker that allows user-friendly passwords that are easy to remember but still hard to guess.
  • The zxcvbn algorithm displays localized feedback about weak passwords when available.
  • zxcvbn dictionary/feedback support is included for Arabic, Croatian, Czech, Danish, Dutch (Belgium), English, Finnish, French, German, Indonesian, Italian, Japanese, Kurdish, Persian, Polish, Portuguese (Brazil), Romanian, Spanish, Thai, Turkish and Chinese.

Requirements

  • phpBB 3.3.10 or newer.
  • PHP 7.1.3 or newer.

Awards

  • Featured MOD of the Week in the phpBB Weekly Podcast, episode #166.

Install

  1. Download the latest validated release.
  2. Unzip the downloaded release and copy it to the ext directory of your phpBB board.
  3. Navigate in the ACP to Customise -> Manage extensions.
  4. Look for Password Strength under the Disabled Extensions list and click its Enable link.
  5. Choose a password strength algorithm under ACP -> General -> User registration settings -> Password strength algorithm.

Uninstall

  1. Navigate in the ACP to Customise -> Manage extensions.
  2. Click the Disable link for Password Strength.
  3. To permanently uninstall, click Delete Data, then delete the passwordstrength folder from phpBB/ext/vse/.

Disclaimer

Password Strength is intended to encourage forum users to choose stronger passwords. It does not guarantee protection against password attacks, and it does not replace phpBB's server-side password validation or password confirmation checks. Password scoring is an estimate, so choose the strength algorithm that best fits your forum.

License

GNU General Public License v2

© 2013 - Matt Friedman