Ruby on Rails Password Complexity Cheatsheet

From OWASP

Enforcing password complexity in a web application is an essential step in defending against password-guessing attacks.

If you use Devise to implement authentication in a Rails app, you can use the devise_zxcvbn gem to enforce password complexity. Rather than applying fixed character-class rules, zxcvbn estimates how many guesses a password would take to crack and maps that estimate to a score from 0 (weakest) to 4 (strongest).

Install it by adding the gems to your Gemfile (devise_zxcvbn provides the :zxcvbnable module used below):

   gem 'devise'
   gem 'devise_zxcvbn'

Configure your user model with it:

    class User < ApplicationRecord
      devise :database_authenticatable,
        # other Devise modules, then
        :zxcvbnable
    end

And configure the required password complexity:

    # in config/initializers/devise.rb
    Devise.setup do |config|
      # minimum zxcvbn score (0-4) a password must reach to be accepted;
      # 4 is the strictest setting
      config.min_password_score = 4 # complexity score here.
      # ... other Devise settings
    end
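To make the score-based check concrete, here is an added example (not from this page or the devise_zxcvbn gem) that implements a simplified pure-Ruby stand-in for zxcvbn's scoring: it estimates the number of guesses a password needs, maps that to zxcvbn's 0..4 scale using zxcvbn's own guess thresholds, and applies a policy equivalent to config.min_password_score. The matchers (common-password list, user-supplied words, repeats, sequences, brute force) are a constructed, reduced version of what the real library does.

```ruby
require 'set'

# Constructed, tiny stand-in for zxcvbn's common-password dictionary.
COMMON_PASSWORDS = %w[password 123456 qwerty letmein welcome football].to_set

# zxcvbn's guess thresholds for scores 1, 2, 3 and 4.
GUESS_THRESHOLDS = [1e3 + 5, 1e6 + 5, 1e8 + 5, 1e10 + 5].freeze

# Estimate how many guesses an attacker needs. User inputs (email, name) are
# treated as dictionary words, so "alice2024" is weak for alice@example.com.
def estimate_guesses(password, user_inputs = [])
  pw = password.downcase
  user_words = user_inputs.flat_map { |w| w.to_s.downcase.split(/[@.\s_-]+/) }
  weak_words = COMMON_PASSWORDS + user_words.select { |w| w.length >= 3 }

  weak_words.each do |w|
    return 10.0 if pw == w                              # direct dictionary hit
    if pw.start_with?(w) && pw.length - w.length <= 4   # word + short suffix
      return 10.0 * (10**(pw.length - w.length))
    end
  end

  return 10.0 * pw.length if pw =~ /\A(.)\1+\z/         # repeat: "aaaaaaaa"
  codes = pw.codepoints                                 # sequence: "abcdef"
  return 10.0 * pw.length if codes.length > 2 &&
                             codes.each_cons(2).all? { |a, b| (b - a).abs == 1 }

  # Otherwise assume brute force over the character classes actually used.
  cardinality = 0
  cardinality += 26 if password =~ /[a-z]/
  cardinality += 26 if password =~ /[A-Z]/
  cardinality += 10 if password =~ /\d/
  cardinality += 33 if password =~ /[^a-zA-Z0-9]/
  cardinality.to_f**password.length
end

# Map guesses to zxcvbn's 0..4 score: count the thresholds the estimate clears.
def password_score(password, user_inputs = [])
  GUESS_THRESHOLDS.count { |t| estimate_guesses(password, user_inputs) >= t }
end

# Equivalent of Devise's config.min_password_score: reject weaker passwords.
class PasswordPolicy
  def initialize(min_password_score: 4)
    @min = min_password_score
  end

  def errors_for(password, user_inputs = [])
    score = password_score(password, user_inputs)
    score < @min ? ["password is not strong enough (score #{score}, need #{@min})"] : []
  end
end
```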