leather-io / desktop

Manage STX tokens and Stacking
https://leather.io/

Strengthen use of zxcvbn with additional input to minimize risk of weak passwords #1225

Open fpbgg opened 1 year ago

fpbgg commented 1 year ago

https://github.com/leather-wallet/desktop/blob/c362a6675e25e701bfc80fdab84fe8c2354ec1a0/app/crypto/validate-password.ts#L25-L28

The zxcvbn library accepts an optional list of user inputs (e.g. username or email address). Providing this will prevent someone from setting weaker passwords than expected from a naive password evaluation.
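
As an added illustration (not the project's code and not the zxcvbn library itself), the following simplified model shows why the user-inputs list matters: each listed string is charged at its dictionary rank rather than at brute-force cost, so a password built around it estimates far weaker. The context strings "Leather", "Stacks" and "STX" are assumed example values, not inputs the issue names.

```typescript
// Added illustration, not Leather's code and not zxcvbn itself: a stripped-down
// model of how zxcvbn's `userInputs` argument changes a guess estimate.
// zxcvbn treats each user input as a dictionary word whose rank is its position
// in the list (first entry = rank 1), so a password chunk matching one costs
// only about `rank` guesses instead of a brute-force search over its characters.
// Real zxcvbn also applies case/l33t multipliers and a sequence search; omitted.

// Per-character guess space for the brute-force fallback (printable ASCII).
const BRUTE_FORCE_CARDINALITY = 94;

// Guesses needed to brute-force a chunk of the given length (exact integer math).
function bruteForceGuesses(chunk: string): number {
  let guesses = 1;
  for (let i = 0; i < chunk.length; i++) guesses *= BRUTE_FORCE_CARDINALITY;
  return guesses;
}

// Estimate total guesses for `password`. Any case-insensitive occurrence of a
// user input is charged at its dictionary rank; leftover characters are charged
// at brute-force cost. Also reports which inputs matched, for a UI hint.
function estimateGuesses(
  password: string,
  userInputs: string[] = [],
): { guesses: number; matched: string[] } {
  let rest = password.toLowerCase();
  let guesses = 1;
  const matched: string[] = [];
  userInputs.forEach((input, i) => {
    const term = input.toLowerCase();
    if (term.length === 0 || !rest.includes(term)) return;
    guesses *= i + 1; // dictionary rank of this user input
    matched.push(term);
    rest = rest.replace(term, ''); // remaining characters stay brute-force priced
  });
  if (rest.length > 0) guesses *= bruteForceGuesses(rest);
  return { guesses, matched };
}

// Accept the password only if the estimate clears a minimum guess count.
// 1e10 guesses is zxcvbn's boundary between score 3 and score 4.
function isAcceptable(
  password: string,
  userInputs: string[] = [],
  minGuesses = 1e10,
): boolean {
  return estimateGuesses(password, userInputs).guesses >= minGuesses;
}

// Assumed app/product names as the context strings (not taken from the issue).
const CONTEXT_INPUTS = ['Leather', 'Stacks', 'STX'];
isAcceptable('Leather2024!');                 // true: looks like 12 random chars
isAcceptable('Leather2024!', CONTEXT_INPUTS); // false: "leather" costs 1 guess
```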

kyranjamie commented 1 year ago

We don't have a username, nor an email address.

markmhendrickson commented 1 year ago

@fpbgg, given we don't collect these sorts of values otherwise, is there another type of input we could use here in your mind?