register form should check (browser side and server side) the entered password

[bstarynk]

In commit d86a11ef642a714caf473a692f42b the /register form does not work, but we need to add JavaScript code to ensure that the proposed password is strong enough: at least 10 characters, including at least two digits.

If you know Javascript libraries checking this, please tell.

We also need to code such a check server side.

[montao]

In commit d86a11e the /register form does not work, but we need to add JavaScript code to ensure that the proposed password is strong enough: at least 10 characters, including at least two digits.

If you know Javascript libraries checking this, please tell.

We also need to code such a check server side.

zxcvbn seems to be an accepted approach https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation If you agree to use this then I can make a PR for it. It's interesting that there is no "de facto" algorithm as far as a could see.

[bstarynk]

On 05/04/2020 00:46, Niklas Rosencrantz wrote:

In commit d86a11e
<https://github.com/bstarynk/helpcovid/commit/d86a11ef642a714caf473a692f42bfd6964d33c3>
the /register form does not work, but we need to add JavaScript
code to ensure that the proposed password is strong enough: at
least 10 characters, including at least two digits.

If you know Javascript libraries checking this, please tell.

We also need to code such a check server side.

zxcvbn seems to be an accepted approach https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation If you agree to use this then I can make a PR for it. It's interesting that there is no "de facto" algorithm as far as a could see.

Yes, please add it.

-- Basile Starynkevitch - http://starynkevitch.net/Basile/ Bourg La Reine, France basile@starynkevitch.net opinions are only mine - les opinions sont seulement miennes