An extension for phpBB that shows users the strength of a password as they type it when registering, changing their password, or editing a user in the ACP.
Try it out yourself here: (Online Demo)
- Adds an accessible password strength meter beside password fields.
- Password strength is labeled as "Very Weak", "Weak", "Good", "Strong" or "Very Strong".
- Password strength is active on user-facing registration/account password forms and supported ACP user password forms.
- Password strength is scored using one of the available algorithms:
- Complexity checks for a mix of characters, case, symbols, numbers and length. This can encourage complex passwords, but can score easily cracked passwords like
P@s$w0rdas strong. - zxcvbn calculates how guessable a password is by comparing it to dictionaries and recognizable patterns. This is a more robust strength checker that allows user-friendly passwords that are easy to remember but still hard to guess.
- Complexity checks for a mix of characters, case, symbols, numbers and length. This can encourage complex passwords, but can score easily cracked passwords like
- The zxcvbn algorithm displays localized feedback about weak passwords when available.
- zxcvbn dictionary/feedback support is included for Arabic, Croatian, Czech, Danish, Dutch (Belgium), English, Finnish, French, German, Indonesian, Italian, Japanese, Kurdish, Persian, Polish, Portuguese (Brazil), Romanian, Spanish, Thai, Turkish and Chinese.
- phpBB 3.3.10 or newer.
- PHP 7.1.3 or newer.
- Featured MOD of the Week in the phpBB Weekly Podcast, episode #166.
- Download the latest validated release.
- Unzip the downloaded release and copy it to the
extdirectory of your phpBB board. - Navigate in the ACP to
Customise -> Manage extensions. - Look for
Password Strengthunder the Disabled Extensions list and click itsEnablelink. - Choose a password strength algorithm under
ACP -> General -> User registration settings -> Password strength algorithm.
- Navigate in the ACP to
Customise -> Manage extensions. - Click the
Disablelink for Password Strength. - To permanently uninstall, click
Delete Data, then delete thepasswordstrengthfolder fromphpBB/ext/vse/.
Password Strength is intended to encourage forum users to choose stronger passwords. It does not guarantee protection against password attacks, and it does not replace phpBB's server-side password validation or password confirmation checks. Password scoring is an estimate, so choose the strength algorithm that best fits your forum.
© 2013 - Matt Friedman