Can anyone recommend a Java library that contains methods that are suitable for performing server-side password strength checking in a webapp. Ideally the checker should be: <ul> <li>configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on</li> <li>extensible allowing new criteria to be implemented if required</li> <li>implemented in pure Java</li> <li>not fundamentally intertwined with a tag libraries, UI components or "password management" functionality</li> <li>compatible with a GPL 3 project</li> <li>compatible with Spring wiring</li> <li>mavenized (ideally available through Maven Central)</li> </ul>

Have a look at vt-password: <ul> <li>configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on - Partially (yes to configurable, dictionaries, no to weighted criteria)</li> <li>extensible allowing new criteria to be implemented if required - Yes </li> <li>implemented in pure Java - Yes (and decent javadoc)</li> <li>not fundamentally intertwined with a tag libraries, UI components or "password management" functionality - Yes </li> <li>compatible with a GPL 3 project - Yes (LGPLv3/APLv2 dual-licensed as of November 2013) </li> <li>compatible with Spring wiring - Looks like </li> <li>mavenized (ideally available through Maven Central) - Yes (in central since version 3.0) </li> </ul> <hr> Update by @Stephen C. The guys who do vt-password have made a number of API improvements since the question was originally answered, and one of the outcomes is that the classes are much easier to configure using Spring IoC. They have also uploaded it to Maven Central: http://mvnrepository.com/artifact/edu.vt.middleware/vt-password <hr> Update 2020: vt-password has been replaced, sort of, by Passay

This is a followup answer to say that I did use vt-password, and I'm happy with the results. I started out with vt-password version 2.0 and hacked it around a bit to get it to work with Spring wiring, and address the thread safety issues I alluded to in my comments on @Pascal's answer. That was enough to get on with. A few weeks back, the vt-middleware team released vt-password 3.0, based (in small part) on my feedback concerning 2.0. This new release addressed all of the issues I had hacked around, and I have now ditched my local mods and am using vt-password 3.0 as is. They have also uploaded their stuff to Maven Central, and improved the online documentation.

Password strength checking library [closed]

Can anyone recommend a Java library that contains methods that are suitable for performing server-side password strength checking in a webapp. Ideally the checker should be:

configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on
extensible allowing new criteria to be implemented if required
implemented in pure Java
not fundamentally intertwined with a tag libraries, UI components or "password management" functionality
compatible with a GPL 3 project
compatible with Spring wiring
mavenized (ideally available through Maven Central)

Are password strength checkers safe?

The #1 Password Strength Tool. Trusted and used by millions. Entries are 100% secure and not stored in any way or shared with anyone.

Which has the best password strength?

A strong password is a unique word or phrase a hacker cannot easily guess or crack. Here are the main traits of a reliable, secure password: At least 12 characters long (the longer, the better). Has a combination of upper and lowercase letters, numbers, punctuation, and special symbols.

Have a look at vt-password:

configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on - Partially (yes to configurable, dictionaries, no to weighted criteria)
extensible allowing new criteria to be implemented if required - Yes
implemented in pure Java - Yes (and decent javadoc)
not fundamentally intertwined with a tag libraries, UI components or "password management" functionality - Yes
compatible with a GPL 3 project - Yes (LGPLv3/APLv2 dual-licensed as of November 2013)
compatible with Spring wiring - Looks like
mavenized (ideally available through Maven Central) - Yes (in central since version 3.0)

Update by @Stephen C.

The guys who do vt-password have made a number of API improvements since the question was originally answered, and one of the outcomes is that the classes are much easier to configure using Spring IoC. They have also uploaded it to Maven Central: http://mvnrepository.com/artifact/edu.vt.middleware/vt-password

Update 2020: vt-password has been replaced, sort of, by Passay

This is a followup answer to say that I did use vt-password, and I'm happy with the results.

I started out with vt-password version 2.0 and hacked it around a bit to get it to work with Spring wiring, and address the thread safety issues I alluded to in my comments on @Pascal's answer. That was enough to get on with.

A few weeks back, the vt-middleware team released vt-password 3.0, based (in small part) on my feedback concerning 2.0. This new release addressed all of the issues I had hacked around, and I have now ditched my local mods and am using vt-password 3.0 as is. They have also uploaded their stuff to Maven Central, and improved the online documentation.

Password strength checking library [closed]

Tags:

java

passwords

Stephen C

People also ask

2 Answers

Pascal Thivent

Stephen C

Recent Activity

Donate For Us

Password strength checking library [closed]

Tags:

java

passwords

Stephen C

People also ask

2 Answers

Pascal Thivent

Stephen C

Related questions

Recent Activity

Donate For Us