Strong Password

This is an extension to Clearance, an authentication gem from thoughtbot. It is a collection of modules which add restrictions to passwords on your User ActiveRecord model.

These are common things that public companies in the United States include in their security audits of systems:

  • password minimum length

  • password minimum number of non-alphanumeric characters

  • password duplicate consecutive characters

  • password history

  • password automatic change period, in days

  • password bad attempts

None of these will ever be in Clearance, as it focuses on the bare minimum for email/password authentication and does not try to be super security-aware. We (myself and thoughtbot) are not security professionals and don’t pretend to be.

These requirements are those I’ve personally been informed are commonly part of security audits. I make no claims that by using this gem you will pass any US laws.

However, if you find yourself in the situation where a public company requests these items before they’ll use your software, Strong Password will help you save some time.

Usage

Length:

class User < ActiveRecord::Base
  include Clearance::User
  include StrongPassword::MinimumLength

  validates_password_length_minimum_is 8
end

Non-alphanumeric characters:

class User < ActiveRecord::Base
  include Clearance::User
  include StrongPassword::NonAlphanumeric

  validates_password_non_alphanumeric_minimum_is 2
end
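
The two macros above combined on one model, as an added sketch that is not the gem's own code. PasswordPolicySketch and SketchUser are hypothetical plain-Ruby stand-ins (no ActiveRecord or Clearance), and the rule for what counts as non-alphanumeric is an assumption.

```ruby
# Added illustration: a plain-Ruby stand-in for the two checks, not the gem's code.
module PasswordPolicySketch
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def password_rules
      @password_rules ||= []
    end

    # Macro names are the ones shown in the README; the bodies are assumptions.
    def validates_password_length_minimum_is(min)
      password_rules << lambda do |pw|
        "is too short (minimum is #{min} characters)" if pw.length < min
      end
    end

    def validates_password_non_alphanumeric_minimum_is(min)
      password_rules << lambda do |pw|
        # Assumption: anything outside Unicode letters and digits counts,
        # so spaces and punctuation count but accented letters do not.
        count = pw.scan(/[^[:alnum:]]/).length
        "needs at least #{min} non-alphanumeric characters" if count < min
      end
    end
  end

  # Returns every failed rule, so a form can report all problems at once.
  def password_errors
    pw = password.to_s # a nil password is checked as an empty string
    self.class.password_rules.map { |rule| rule.call(pw) }.compact
  end
end

class SketchUser
  include PasswordPolicySketch
  attr_accessor :password

  validates_password_length_minimum_is 8
  validates_password_non_alphanumeric_minimum_is 2

  def initialize(password)
    @password = password
  end
end
```

Calling `SketchUser.new("hunter2").password_errors` returns both messages, while a passphrase such as "correct horse!" returns an empty array because the space and the exclamation mark both count.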

Copyright © 2009 Dan Croak. See LICENSE for details.