I want to force a user to choose a strong password on registration.
I know, there are many jquery password strength meters out there, and I will most probably use one of them, too. But that does not really enforce anyone to choose a strong password. The registration form must also be useable without js enabled, so one could still potentially register with a weak password.
Accounts must be most secure, because if you are logged in, you can see data of other accounts, which I do not want exposed under any circumstances. So I want to go for maximum security here, therefore I think, it is most important to only allow strong passwords.
So,
How do I set and customize requirements for validating minimum password strength? Only thing I could find in the devise config file is password length. Is there another gem that I should use for this task?
You can use the Devise Security extension, where you can define a password regexp validation (among other things) and enforce the password strength you want.
I've recently released a devise gem which uses the zxcvbn library to reject weak passwords:
https://github.com/bitzesty/devise_zxcvbn
As of this writing (2018), I'd suggest other-folk to consider the newer Devise Security fork before settling on the previously recommended Devise Security extension gem (stale as of v0.10.0 March 2016, but still OG AF mang!)
edit: This one looks more recent, but idk.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With