Security: Password strength level meaning

In Setup → System Settings → SECURITY, I can specify a Minimum Password score.

How can I find out what rule(s) every score level implies?
Put another way - If I set it to 5, what list of rules can I tell users will be expected of them in terms of password format adherence/conformance?

Hi! The integer value scores apparently relate to complexity estimation, not actual discrete rules.

To learn more refer to these for example

Is there a way to know the minimum requirements?
Password length, special characters, etc.

For clues a web search on zxcvbn may provide answers?

Let us know what you find!

On further study and just to clarify -

ERPNext uses zxcvbn just to assess a user supplied password

Whereas passlib provides the backend functions to handle passwords

I am not familiar with passlib

Since that is a business policy decision, my guess is rather than code and have to support this, ERPNext provides zxcvbn instead for user’s to assess passwords

zxcvbn tests will tell you how strong the password is

1 Like