• Hi,

    What is the difference between the different options for "Minimum Password Strength" in the admin section? How does it affect the end users choice of password?

    e.g

    • very guessable
    • somewhat guessable
    • safely unguessable
    • very unguessable

    I hope this is not a duplicate topic, I have search but could not find anything about this matter.

  • Global Moderator Plugin & Theme Dev

    @erik-viklander these are directly from the password strength calculation library zxcvbn which NodeBB uses to enforce password strength.

    result.score      # Integer from 0-4 (useful for implementing a strength bar)
    
      0 # too guessable: risky password. (guesses < 10^3)
    
      1 # very guessable: protection from throttled online attacks. (guesses < 10^6)
    
      2 # somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
    
      3 # safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
    
      4 # very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
    

Suggested Topics

  • 5
  • 10
  • 2
  • 2
  • 1
| |