Refuse weak passwords

ychaouche

Valued Member
Hello EQ :)

My users use roundcube to connect to read their mail. I have enabled the password plugin to enable them to change their passwords. However, I would like to know what can I do to refuse changing the password if it is too weak ? I have already installed the zxcvbn python module to check password strength from the command line, I'd like to know if it's possible to somehow get that script called by roundcube or something similar ?

Yassine.
 

popowich

EQ Forum Admin
Staff member
I haven't used roundcube recently (maybe not ever). Try to Google with phrases such as "roundcube enforce strong password strength" to help find you a site that can better assist with this question. I see a variety of results of varying age with this request.
 

ychaouche

Valued Member
Hello popowich,

I ended up writing my own driver for the password plugin based off the chgpasswd driver. It calls the zxcvbn-wrapped script via exec and captures both its exit code and output. The output is processed and shown to the user (estimated cracking time).
 

Similar threads

Top