This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Ruby on Rails Password Complexity Cheatsheet

From OWASP

Revision as of 14:51, 28 February 2018 by ZaurMolotnikov (talk | contribs) (published)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Enforcing password complexity in a web application is an essential step when preventing password attacks.

If you use devise to implement authentication in a rails app, you could use zxcvbn gem to enforce password complexity.

Install it using:

   gem 'devise'

Configure your user model with it:

    class User < ApplicationRecord
      devise :database_authenticatable, 
        # other devise features, then
        :zxcvbnable
    end

And configure the required password complexity:

    # in config/initializers/devise.rb
    Devise.setup do |config|
      # zxcvbn score for devise
      config.min_password_score = 4 # complexity score here.
      ...

Retrieved from "https://wiki.owasp.org/index.php?title=Ruby_on_Rails_Password_Complexity_Cheatsheet&oldid=238177"

Pages with syntax highlighting errors