
Ruby on Rails Password Complexity Cheatsheet

From OWASP
Revision as of 14:51, 28 February 2018 by ZaurMolotnikov

Enforcing password complexity in a web application is an essential step in defending against password attacks.

If you use Devise to implement authentication in a Rails app, you can use the zxcvbn gem, through its Devise integration, to enforce password complexity.

Add the gems to your Gemfile and run `bundle install`:

    gem 'devise'
    gem 'devise_zxcvbn' # Devise integration for zxcvbn; provides the :zxcvbnable module

Configure your user model with it:

    class User < ApplicationRecord
      devise :database_authenticatable,
             # other Devise modules, then
             :zxcvbnable
    end

And configure the required password complexity:

    # in config/initializers/devise.rb
    Devise.setup do |config|
      # Minimum zxcvbn score (0..4) a password must reach to be accepted;
      # 4 is the strongest band.
      config.min_password_score = 4 # complexity score here.
      # ... other Devise settings
    end
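To make the `min_password_score` value concrete, the following added example (not code from the page or from the devise_zxcvbn project) shows how a guess estimate is mapped onto zxcvbn's 0..4 score bands and how a model-level check rejects anything below the configured minimum. It is a deliberately simplified, constructed scorer that models only brute-force and dictionary/user-input matches; the word list, `DELTA` margin handling and the `password_errors` helper are assumptions for illustration, not the library's API.

```ruby
# Simplified illustration of zxcvbn-style scoring. NOT the zxcvbn library:
# it models only brute-force and dictionary/user-input matches and skips
# zxcvbn's other pattern matchers (sequences, dates, keyboard walks, ...).
MIN_PASSWORD_SCORE = 4               # same value as in the Devise config above
SCORE_BANDS = [1e3, 1e6, 1e8, 1e10]  # zxcvbn's guesses_to_score bands
DELTA = 5                            # zxcvbn's small margin on each band
# Constructed tiny dictionary; a word's guess count is its 1-based rank.
COMMON_PASSWORDS = %w[password 123456 qwerty letmein welcome].freeze

def bruteforce_guesses(password)
  10.0**password.length # zxcvbn charges 10 guesses per brute-forced character
end

def dictionary_guesses(password, user_inputs)
  word = password.downcase
  # Strings taken from the user (email, name) are rank-1 words: guessed first.
  return 1.0 if user_inputs.map(&:downcase).include?(word)
  rank = COMMON_PASSWORDS.index(word)
  rank ? (rank + 1).to_f : Float::INFINITY
end

def estimate_guesses(password, user_inputs = [])
  [bruteforce_guesses(password), dictionary_guesses(password, user_inputs)].min
end

# Score 0..4: the number of bands the guess estimate clears.
def zxcvbn_style_score(password, user_inputs = [])
  guesses = estimate_guesses(password, user_inputs)
  SCORE_BANDS.count { |band| guesses >= band + DELTA }
end

# Hypothetical model-level check mirroring what :zxcvbnable does on save:
# the user's email and its local part are passed as weak words, and the
# password is rejected when its score is below the configured minimum.
def password_errors(password, email:)
  weak_words = [email, email.split('@').first]
  s = zxcvbn_style_score(password, weak_words)
  return [] if s >= MIN_PASSWORD_SCORE
  ["Password is not strong enough (score #{s}, need #{MIN_PASSWORD_SCORE})"]
end

if __FILE__ == $PROGRAM_NAME
  %w[password alice abcdefghij correcthorsebatterystaple].each do |pw|
    puts "#{pw}: #{password_errors(pw, email: 'alice@example.com').inspect}"
  end
end
```

The real zxcvbn estimates far fewer guesses for patterned passwords than this brute-force baseline does, so treat the score here as an upper bound on what the library would report.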