Cuz
June 12, 2019, 4:24pm
#1
In Setup → System Settings → SECURITY, I can specify a Minimum Password score.
How can I find out what rule(s) every score level implies?
Put another way - If I set it to 5, what list of rules can I tell users will be expected of them in terms of password format adherence/conformance?
Hi! The integer value scores apparently relate to complexity estimation, not actual discrete rules.
To learn more refer to these for example
Is there a way to know the minimum requirements?
Password length, special characters, etc.
For clues, a web search on zxcvbn may provide answers?
Let us know what you find!
On further study and just to clarify -
ERPNext uses zxcvbn just to assess a user supplied password
```python
# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
# License: MIT. See LICENSE

try:
    from zxcvbn import zxcvbn
except Exception:
    import zxcvbn

import frappe
from frappe import _


def test_password_strength(password, user_inputs=None):
    """Wrapper around zxcvbn.password_strength"""
    result = zxcvbn(password, user_inputs)
    result.update({"feedback": get_feedback(result.get("score"), result.get("sequence"))})
    return result


# NOTE: code modified for frappe translations
```
This file has been truncated.
Whereas passlib provides the backend functions to handle passwords
```python
# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
# License: MIT. See LICENSE

import string

from cryptography.fernet import Fernet, InvalidToken
from passlib.context import CryptContext
from passlib.hash import mysql41, pbkdf2_sha256
from passlib.registry import register_crypt_handler
from pypika.terms import Values

import frappe
from frappe import _
from frappe.query_builder import Table
from frappe.utils import cstr, encode

Auth = Table("__Auth")


class LegacyPassword(pbkdf2_sha256):
    ...  # class body not shown: the embedded file is truncated here
```
This file has been truncated.
I am not familiar with passlib https://passlib.readthedocs.io/en/stable/
Since that is a business policy decision, my guess is rather than code and have to support this, ERPNext provides zxcvbn instead for users to assess passwords
zxcvbn tests will tell you how strong the password is
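An added example, not part of the thread or of Frappe's code: zxcvbn turns an estimated number of guesses into a score from 0 to 4 using fixed thresholds (its `guesses_to_score`), which is why a score level corresponds to a guess-count band rather than to length or character-class rules. `score_band` and `assess` are hypothetical helper names, the `>=` comparison is an assumption about how a minimum-score setting is applied, and `assess` needs the `zxcvbn` package installed.

```python
"""Map zxcvbn's 0-4 score to the guess-count band behind it."""

# Upper bounds (in estimated guesses) for scores 0..3, as used by zxcvbn's
# guesses_to_score; anything at or above the last bound scores 4.
_DELTA = 5
_UPPER_BOUNDS = (1e3 + _DELTA, 1e6 + _DELTA, 1e8 + _DELTA, 1e10 + _DELTA)


def guesses_to_score(guesses):
    """Return the 0-4 score for an estimated number of guesses."""
    for score, bound in enumerate(_UPPER_BOUNDS):
        if guesses < bound:
            return score
    return 4


def score_band(score):
    """Return (min_guesses, max_guesses_exclusive); max is None for score 4."""
    if score not in range(5):
        raise ValueError("zxcvbn scores run from 0 to 4")
    low = 0 if score == 0 else _UPPER_BOUNDS[score - 1]
    high = _UPPER_BOUNDS[score] if score < 4 else None
    return low, high


def assess(password, minimum_score, user_inputs=None):
    """Score a password with zxcvbn and collect what to tell the user.

    Hypothetical helper; requires `pip install zxcvbn`. The >= comparison is
    an assumption about how a minimum-score setting is enforced.
    """
    from zxcvbn import zxcvbn  # lazy import: the helpers above run without it

    result = zxcvbn(password, user_inputs=user_inputs or [])
    return {
        "score": result["score"],
        "guesses": result["guesses"],
        "needed_guesses": score_band(minimum_score)[0],
        "accepted": result["score"] >= minimum_score,
        "warning": result["feedback"]["warning"],
        "suggestions": result["feedback"]["suggestions"],
    }


if __name__ == "__main__":
    for s in range(5):
        print(s, score_band(s))
```

The `warning` and `suggestions` fields are what can be shown to users in place of a fixed rule list, since they describe why a particular password was estimated as easy to guess.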