Ruby on Rails Password Complexity Cheatsheet
From OWASP
Enforcing password complexity in a web application is an essential step in preventing password-guessing attacks.
If you use Devise to implement authentication in a Rails app, you can use the zxcvbn-based devise_zxcvbn gem to enforce password complexity.
Install it by adding the gem to your Gemfile:
    gem 'devise_zxcvbn'
Configure your user model with it:
    class User < ApplicationRecord
      devise :database_authenticatable,
             # other devise features, then
             :zxcvbnable
    end
And configure the required password complexity:
    # in config/initializers/devise.rb
    Devise.setup do |config|
      # zxcvbn score for devise: scores range from 0 (weakest) to 4 (strongest),
      # so 4 requires the strongest rating zxcvbn can give.
      config.min_password_score = 4 # complexity score here.
      ...
    end
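The following is an added, Rails-free illustration of the check devise_zxcvbn applies (it is not code from the OWASP page or from the gem): a password is scored on zxcvbn's 0..4 scale, the user's own identifying strings (email, name) are treated as weak words exactly as devise_zxcvbn passes them to zxcvbn, and anything below `min_score` is rejected. The `PasswordPolicy` class, its small `COMMON` blocklist and its entropy-based scoring are a deliberate simplification standing in for the real zxcvbn estimator.

```ruby
# Added example, not from the OWASP page or devise_zxcvbn. A simplified
# stand-in for the zxcvbn check: score 0..4, reject below min_score.
require 'set'

class PasswordPolicy
  # Hypothetical mini blocklist standing in for zxcvbn's dictionaries.
  COMMON = Set.new(%w[password 123456 qwerty letmein welcome admin]).freeze

  def initialize(min_score: 4)
    @min_score = min_score
  end

  # Returns an integer 0..4 (zxcvbn's scale: 0 weakest, 4 strongest).
  # user_inputs are the user's own strings (email, name) that must not
  # appear in the password, mirroring what devise_zxcvbn feeds to zxcvbn.
  def score(password, user_inputs = [])
    pw   = password.to_s
    down = pw.downcase
    return 0 if COMMON.include?(down.gsub(/[^a-z0-9]/, ''))

    # Any identifying token of 3+ chars found in the password is fatal.
    weak_tokens = user_inputs.flat_map { |s| s.to_s.downcase.split(/[@.\s_-]+/) }
                             .reject { |t| t.length < 3 }
    return 0 if weak_tokens.any? { |t| down.include?(t) }

    # Crude entropy estimate: alphabet size from character classes times length.
    alphabet  = 0
    alphabet += 26 if pw =~ /[a-z]/
    alphabet += 26 if pw =~ /[A-Z]/
    alphabet += 10 if pw =~ /\d/
    alphabet += 33 if pw =~ /[^A-Za-z0-9]/
    return 0 if alphabet.zero?

    bits = pw.length * Math.log2(alphabet)
    case bits
    when 0...28  then 0
    when 28...36 then 1
    when 36...60 then 2
    when 60...80 then 3
    else 4
    end
  end

  # The gate a model validation would apply with min_password_score = 4.
  def acceptable?(password, user_inputs = [])
    score(password, user_inputs) >= @min_score
  end
end
```

With `min_score: 4`, a short mixed-class password such as `Tr0ub4dor&3` scores 3 and is rejected, while a long passphrase passes, and a password built from the user's own email or name scores 0 regardless of length.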