Releasing redmine_zxcvbn 1.0.0
Today I stumbled upon an article named Stop forcing your arbitrary password rules on me by Ryan Winchester. The author explains in detail why it’s a bad idea to force arbitrary password requirements like the following:
"Your password must be at least 8 characters including one uppercase letter, one number, 3 Emojis & the first verse of Bohemian Rhapsody".
— I Am Devloper (@iamdevloper) November 13, 2014
Instead he proposes forcing a minimum password entropy and suggests using Dropbox’s zxcvbn library to calculate it. In other words: a short password using a wide range of characters should be as good as a long one using a more limited set.
No rules!
I say: A regular service should never force a minimum password requirement. Maybe your users are creating a dummy account and want to test some features. Forcing a minimum password strength will only lower conversions and won’t protect anything valuable. Instead we should only encourage them to use a good password. Using a strength indicator without any enforcement – maybe combined with a simple minimum length requirement – will be all you need to protect those accounts that need protection.
And therefore I present redmine_zxcvbn. It’s a Redmine plugin which adds a strength/quality indicator to all password fields throughout Redmine. It does not add any server-side requirements concerning password quality. It only shows a little progress bar below the password field which will inform the user about the quality of their choice. It remains their responsibility to pick a password which fits their security requirements.
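The entropy argument and the advisory-only indicator described above, as an added example that is not part of the original post or the plugin's code. It uses a naive brute-force estimate (length times log2 of the character pool), not zxcvbn's pattern-aware algorithm; the function names, pool sizes and bar thresholds are assumptions made for this illustration.

```javascript
// Added example: naive brute-force entropy, NOT zxcvbn's algorithm.
// zxcvbn also matches dictionary words, keyboard patterns, dates and
// repeats, all of which this estimate ignores.

// Character pools (assumption: printable ASCII, 95 symbols in total).
const POOLS = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // punctuation and space; non-ASCII also lands here
];

// Bits of entropy if every character were picked uniformly at random
// from the union of the pools the password actually uses.
function naiveEntropyBits(password) {
  const pool = POOLS.reduce(
    (n, p) => n + (p.re.test(password) ? p.size : 0), 0);
  return pool === 0 ? 0 : password.length * Math.log2(pool);
}

// Hypothetical thresholds (in bits) for a five-step bar, levels 0..4.
const THRESHOLDS = [28, 36, 60, 80];

function meterLevel(password) {
  const bits = naiveEntropyBits(password);
  return THRESHOLDS.filter((t) => bits >= t).length;
}

// Advisory only: describes what the progress bar should show and
// never rejects the password, mirroring the no-enforcement design.
function indicator(password) {
  const level = meterLevel(password);
  return { level, percent: level * 25, accepted: true };
}

// Constructed sample passwords.
const samples = ["k#9Qz!2m", "qmxwzvkpbtr", "Password1!", ""];
for (const pw of samples) {
  const bits = naiveEntropyBits(pw).toFixed(1);
  console.log(JSON.stringify(pw), bits, "bits", indicator(pw));
}
```

The 8-character mixed password and the 11-character lowercase one land within one bit of each other, which is the equivalence the article argues for. "Password1!" also rates well under this character-pool math, which is why a pattern-aware estimator such as zxcvbn is the better basis for the indicator.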
Installation
Head over to GitHub. You may find all the nitty-gritty details in the README. Am I missing something? Please create a bug report here.
The plugin is also listed in the Redmine Plugin directory. So if you like it, please go there and leave a 5-star review.
My name is Gregor Schmidt. I am a freelance Ruby and JavaScript web developer based in Berlin, Germany. I have been doing Ruby and Rails since 2005 and JavaScript since 2006. I wrote my first Redmine plugin in 2007.
I mainly work with Rails, Backbone, and Bootstrap, but I am also good at picking up new frameworks, since I will probably know most of their concepts from other projects.
If you're interested in more of my previous work, have a look at my portfolio. I have also published my rates for everybody to see. I would love to hear how I may help you.