• Hi,

    What is the difference between the different options for "Minimum Password Strength" in the admin section? How does it affect the end users choice of password?


    • very guessable
    • somewhat guessable
    • safely unguessable
    • very unguessable

    I hope this is not a duplicate topic, I have search but could not find anything about this matter.

  • Global Moderator Plugin & Theme Dev

    @erik-viklander these are directly from the password strength calculation library zxcvbn which NodeBB uses to enforce password strength.

    result.score      # Integer from 0-4 (useful for implementing a strength bar)
      0 # too guessable: risky password. (guesses < 10^3)
      1 # very guessable: protection from throttled online attacks. (guesses < 10^6)
      2 # somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
      3 # safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
      4 # very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)

Suggested Topics

| |