Add passwdqc, optionally require passwords pass both zxcvbn and passwdqc #89

paragonie-scott · 2016-07-03T22:50:16Z

While zxcvbn is a great password strength estimator, there are situations where passwdqc is better. The downside is that passwdqc is pass/fail.

Ideally, administrator passwords should require a zxcvbn score of 4 or higher and should also pass passwdqc's evalutation.

This is going to require a fresh port of passwdqc to PHP, since the existing ones aren't very good.

kelunik · 2016-07-04T07:59:27Z

More labels please! config, ui, ux, tools should be removed I think.

paragonie-scott · 2016-07-04T08:07:30Z

If you could read my mind, you'd understand why those labels were chosen. ;)

But I'm not sure how I'm going to implement this yet, really.

kelunik · 2016-07-04T08:34:38Z

If you could read my mind, you'd understand why those labels were chosen. ;)

I'm afraid I can't. :-(

paragonie-scott · 2016-11-14T02:32:10Z

paragonie-scott added ui ux SECURITY crypto expertise needed tools feedback sought config labels Jul 3, 2016

paragonie-scott added this to the Version 2.0.0 milestone Jul 3, 2016

paragonie-scott added help wanted feature request labels Jul 3, 2016

paragonie-scott removed config ui ux labels Jul 4, 2016

paragonie-scott removed the tools label Jul 4, 2016

paragonie-scott mentioned this issue Mar 2, 2017

Version 2.0.0 Brainstorming Thread #160

Open

Provide feedback