[Xon] Password Tools

[Xon] Password Tools 3.9.0

No permission to download
Overview Updates (13) History Discussion (14)
N
newimage Sergeant Major
Staff member
Moderating
badge id 104 You Are Richer badge id 109 NullPro Uploader
Jun 28, 2020
2,191
5,610
$6,149
newimage submitted a new resource:

Password Tools 3.2.2 - Password

Password Tools
Description
password_strength.png



Source
This modification mostly follows the principles of Dan Wheelers password strength estimator zxcvbn. It does not weight password strength by their combination of upper/lower letters, special characters and numbers, but on how easy they are to crack in reality.

To...
Click to expand...

Read more about this resource...
 
newimage updated Password Tools with a new update entry:

3.5.0 - Feature update

  • Force global namespace for functions which are known to be optimizable to bytecode in php, or known global functions to avoid a current namespace lookup for the function.
  • Add "On login; alert the user if they have a known compromised password" option (default enabled)
  • Add "Minimum time between triggering compromised password alerts on login" option (default 24 hours)
Click to expand...
Click to expand...

Read the rest of this update entry...
 
newimage updated Password Tools with a new update entry:

3.6.1 - Feature update

Thanks to @NamePros for sponsoring this update.
  • Update compromised password alert text to be less awkward
  • On updating passwords, remove any compromised password alerts to avoid user confusion
  • Add "Force email two factor authentication on compromised password" option (default disabled)
  • Add "Pwned password minimum count (soft)" option.
    This allows a user to change a password to a known compromised value which is under a given number of known hits. This still generates...
Click to expand...

Read the rest of this update entry...
 
thanks to dear member @jessy updated [Xon] Password Tools with a new update entry:

3.7.1

  • Require XenForo 2.2+, drop XF2.1 support
  • Actually implement cron to prune the pwned password hash cache. Old entries where already being ignored, so this will hopefully just reduce MySQL table bloat
  • Fix denial of service attack by preventing too long password which can trigger factorial number of brute force password checks when using Zxcvbn
    • Update new install option defaults to more recommend values:
    • Enforce password complexity for admins
    • Enable "Length check...
Click to expand...

Read the rest of this update entry...
 
thanks to dear member @jessy updated [Xon] Password Tools with a new update entry:

changelog

  • Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours
  • Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised
  • Rename various options to be better searchable
  • Adjust various option defaults to be more robust.
    • 'Minimum password length' from 8 => 10 characters
    • 'Minimum password strength' from 'very weak' to 'weak'
    • 'Pwned password...
Click to expand...

Read the rest of this update entry...
 
thanks to dear member @jessy updated [Xon] Password Tools with a new update entry:

changelog

  • Fix changing user entity while a write is pending in some cases
  • Add "Use rejected password fragments in password meter" option (default disabled).
    Take rejected password fragments into consideration when showing the password strength meter to the user.
    Security note: this makes the full list of rejected password fragments visible to end users; ensure that there aren't any sensitive password fragments before enabling.
Click to expand...

Read the rest of this update entry...
 
nice update
 
You must log in or register to reply here.
Back
Top