
Increasing devise's default password length #5591

Open
angelamchoi opened this issue Apr 27, 2023 · 5 comments

Comments

@angelamchoi

angelamchoi commented Apr 27, 2023

Hi @carlosantoniodasilva and Devise team!

Currently, Devise's minimum password length is 6 characters, without any strict requirements on uppercase and lowercase letters, numbers and symbols. For example, 123456 would be an acceptable password. I wanted to know if Devise would consider increasing the default password length to a minimum of 10-12 characters, with stronger password requirements such as requiring uppercase, lowercase, numbers, and/or symbols to ensure all users have a secure password. I have attached an image for more information. I would love to work on this issue.

Please let me know if you have any questions.

Thank you.

[attached image]

@kykyi

kykyi commented Aug 27, 2024

Great call @angelamchoi! @carlosantoniodasilva and Devise team, can I open a PR adding some config which essentially does this?

```ruby
# devise initializer (config/initializers/devise.rb)
Devise.setup do |config|
  config.password_length = 8..128
  config.password_require_lower_case = true
  config.password_require_upper_case = true
  config.password_require_special_character = true
  config.password_require_number = true
end

# on devise model
validate :password_complexity

def password_complexity
  # Nothing to check when the password is not being set or changed;
  # without this guard `nil.match?` raises on updates that leave it untouched.
  return if password.blank?

  lower_case_regex = /(?=.*[a-z])/
  upper_case_regex = /(?=.*[A-Z])/
  digit_regex = /(?=.*[0-9])/
  special_char_regex = /(?=.*[\W])/

  [
    [lower_case_regex, :no_lowercase],
    [upper_case_regex, :no_uppercase],
    [digit_regex, :no_digit],
    [special_char_regex, :no_special]
  ].each do |regex, error|
    # Each symbol needs a matching errors.messages entry in the locale file.
    errors.add :password, error unless password.match?(regex)
  end
end
```
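To show how the configurable policy sketched above behaves against Devise's shipped default, here is a stand-alone model of it as an added example (not code from the thread or from Devise; the `require_*` option names are hypothetical, mirroring the proposal):

```ruby
# Added example: a framework-free model of the proposed password policy.
# Option names are hypothetical; Devise itself only ships `password_length`.
PasswordPolicy = Struct.new(
  :length, :require_lower_case, :require_upper_case,
  :require_number, :require_special_character, keyword_init: true
) do
  # Devise's default: 6..128 characters, no character-class requirements.
  def self.devise_default
    new(length: 6..128, require_lower_case: false, require_upper_case: false,
        require_number: false, require_special_character: false)
  end

  # The stricter policy proposed in the issue.
  def self.proposed
    new(length: 8..128, require_lower_case: true, require_upper_case: true,
        require_number: true, require_special_character: true)
  end

  # Returns the error symbols a model validation would add; empty when valid.
  # Order: length errors first, then the character-class checks.
  def errors_for(password)
    return [:blank] if password.nil? || password.empty?

    errors = []
    errors << :too_short if password.length < length.min
    errors << :too_long  if password.length > length.max

    # Anything outside letters and digits counts as "special" here, so
    # whitespace and underscore qualify (unlike `\W`, which excludes `_`).
    checks = [
      [require_lower_case,        /[a-z]/,         :no_lowercase],
      [require_upper_case,        /[A-Z]/,         :no_uppercase],
      [require_number,            /[0-9]/,         :no_digit],
      [require_special_character, /[^A-Za-z0-9]/,  :no_special]
    ]
    checks.each do |enabled, regex, error|
      errors << error if enabled && !password.match?(regex)
    end
    errors
  end

  def valid?(password)
    errors_for(password).empty?
  end
end
```

With the default policy `123456` is accepted; under the proposed one it fails on length and three character classes, which is the gap the issue is about.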

@jeffreygray

jeffreygray commented Nov 21, 2024

@kykyi I was just about to build this myself but would love to have an easy way for other users to do the same thing (ex: config.password_require_special_character = true, specifying special character requirements)

Please feel free to put me on the PR so I can take a look 😄

Also just nudging this for attention!

@jeffreygray

jeffreygray commented Nov 21, 2024

Linking to "How To: Set up simple password complexity requirements" for others like me that might want to tackle this soon.

@kykyi

kykyi commented Nov 21, 2024

@jeffreygray I'll open a PR and tag you in it ✅

@kykyi

kykyi commented Nov 22, 2024

Hey @jeffreygray see above 😄 🙏
