WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#30916 closed enhancement (wontfix)

Proposal for a faster JavaScript password strength meter

Reported by: gabrieleromanato Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.1
Component: External Libraries Keywords:
Focuses: javascript Cc:

Description

I've tested the current password meter and it's not very efficient in terms of performance when it comes to very long and complex passwords.

The following first implementation of a JS password meter doesn't use regular expressions:

JavaScript password strength meter without regular expressions

Without regular expressions and using only tokenization you get a performance boost.
Let me know.

Attachments (2)

badpass.jpg (7.9 KB) - added by voldemortensen 6 years ago.
badpass1.jpg (39.8 KB) - added by voldemortensen 6 years ago.

Download all attachments as: .zip

Change History (5)

#1 @voldemortensen
6 years ago

The above two screenshots are why I don't think this is a good idea. "password1!" should never be considered a good password. I suggest wontfix.

#2 @helen
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

We use Dropbox's zxcvbn, which is an external library. Changes to that should probably go upstream: https://github.com/dropbox/zxcvbn

Also importantly, voldemortensen is correct - making changes that negatively affect the functionality are not desirable.

#3 @nacin
6 years ago

zxcvbn is a very smart library. It's also huge — something like 650 KB, and that's when minified and gzipped. This is a feature. It's OK if it's large and slow. You don't need it often, and it's more important to have an accurate, smart library.

Note: See TracTickets for help on using tickets.