devise_zxcvbn

Plugin for devise to reject weak passwords, using zxcvbn-ruby which is a ruby port of zxcvbn: realistic password strength estimation. The user's password will be rejected if the score is below 4 by default. It also uses the email as user input to zxcvbn, to downscore passwords containing the email.

The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than 10**2, 10**4, 10**6, 10**8, Infinity.

Installation

Add this line to your application's Gemfile:

gem 'devise_zxcvbn'

Devise Configuration

class User < ActiveRecord::Base
  devise :database_authenticatable, :validatable, :zxcvbnable
end

Default parameters

A score of less than 3 is not recommended.

# config/initializers/devise.rb
Devise.setup do |config|
  config.min_password_score = 4
end

Error Message

Example error message, the score and min_password_score variables are also passed through if you need them.

# config/locales/devise.en.yml
en:
  errors:
    messages:
      weak_password: "not strong enough. Consider adding a number, symbols or more letters to make it stronger."

Contributing

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create new Pull Request