
Password strength controls #2261

@FlxMgdnz

We need a way for admins to configure the desired password strength, e.g. to enforce compliance policies.

The current best practice seems to be a combination of a password strength meter and blocking common and previously breached passwords:

It is important to provide clear user feedback, e.g. when blocking a password, so that users will know what is wrong with the password of their choice and what they can do to proceed.

For the UI, we need:

  • A password strength indicator, ideally providing real-time feedback to the user while typing a new password, e.g. a bar that fills up and changes color from red to green as soon as the configured minimal strength level is reached
  • Additionally, there needs to be text explaining what's wrong as long as the bar is red, e.g.
    • Password too short
    • Password is too simple
    • Password has been found in online breach data
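
A server-side sketch of the check requested above, added here as an example and not taken from the issue or the project's code. `PasswordPolicy`, `estimate_score`, `check_password` and the sample data are hypothetical, and the entropy-based score is a crude stand-in for a real strength estimator.

```python
import hashlib
import math
from dataclasses import dataclass, field

@dataclass
class PasswordPolicy:
    """Hypothetical admin-configurable settings (all names are assumptions)."""
    min_length: int = 12
    min_score: int = 3  # 0..4; the bar turns green at this level
    common: set = field(default_factory=set)         # lowercase common passwords
    breached_sha1: set = field(default_factory=set)  # uppercase hex SHA-1 digests

def estimate_score(password: str) -> int:
    """Crude 0..4 score from character-class entropy (stand-in estimator)."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33)]
    pool = sum(size for test, size in classes if any(test(c) for c in password))
    # Repeated characters add little, so only distinct characters are counted.
    bits = len(set(password)) * math.log2(pool) if pool else 0.0
    return min(4, int(bits // 20))

def check_password(password: str, policy: PasswordPolicy) -> dict:
    """Return the bar level, the accept decision and the feedback texts."""
    score = estimate_score(password)
    messages = []
    if len(password) < policy.min_length:
        messages.append("Password too short")
    # The blocklist catches passwords the meter alone would score as acceptable.
    if score < policy.min_score or password.lower() in policy.common:
        messages.append("Password is too simple")
    # SHA-1 is only the lookup key into the breach set, not a storage hash.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    if digest in policy.breached_sha1:
        messages.append("Password has been found in online breach data")
    return {"score": score, "ok": not messages, "messages": messages}

# Constructed sample data: a tiny common-password list and breach set.
SAMPLE_POLICY = PasswordPolicy(
    common={"password", "letmein", "qwertyuiop12"},
    breached_sha1={hashlib.sha1(b"Summer2019!Summer2019!").hexdigest().upper()},
)

if __name__ == "__main__":
    for candidate in ("abc", "qwertyuiop12", "correct-horse-battery-staple-42"):
        print(candidate, check_password(candidate, SAMPLE_POLICY))
```

The same result object can drive both the strength bar (`score` against `min_score`) and the explanatory text (`messages`), while the server enforces `ok` regardless of what the client displays.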
