dumb-password-rules
devise-security
| | dumb-password-rules | devise-security |
|---|---|---|
| | 16 | 4 |
| Stars | 2,973 | 560 |
| Growth | 0.2% | 1.4% |
| Activity | 6.9 | 6.6 |
| | 25 days ago | about 1 month ago |
| Language | Nunjucks | Ruby |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dumb-password-rules
- Here's a roundup of the best UX and design links from the last few weeks, hope you find it useful! How to prioritise user problems, find better alternatives to dark patterns, understand hypotheses, manage difficult stakeholders, transcribe audio and draw the rest of the owl.
Dumb password rules – Naming and shaming the worst offenders.
- Password security at HDI
- Sending Spammers to Password Purgatory with MS Power Automate and CF Workers KV
- Flutter Password Validator plugin
Here are some really egregious examples but even the "must contain uppercase, lowercase, number and special character" rules are pretty bad. You don't add much additional security because people will just make the first character uppercase, and append 1, ! or whatever. Or worse you'll force them to write it down.
devise-security
- Beware - Devise 4.9.1 and devise-security gem
- Best authentication in 2022? Devise, Clearance, OAuth, anything else?
Rodauth is IMO the most feature-complete and the most stable. It ships with "enterprise"-grade features such as single session, session expiration, password expiration, password complexity requirements, disallowing common passwords, and disallowing password reuse (basically what devise-security extension provides).
- Rails application boilerplate for fast MVP development
add devise-security
- Devise only allow one session per user at the same time
An alternative implementation.... https://github.com/devise-security/devise-security/blob/master/lib/devise-security/models/session_limitable.rb
What are some alternatives?
weakpass - Weakpass collection of tools for bruteforce and hashcracking
zxcvbn - Low-Budget Password Strength Estimation
graphql_devise - GraphQL interface on top devise_token_auth
Ahoy - Simple, powerful, first-party analytics for Rails
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Rack::Attack - Rack middleware for blocking & throttling
bullet - help to kill N+1 queries and unused eager loading
Pundit - Minimal authorization through OO design and pure Ruby classes
Sidekiq - Simple, efficient background processing for Ruby
rails_best_practices - a code metric tool for rails projects
warden - General Rack Authentication Framework
many-passwords - Default credentials list. 🐱💻 Leave a star if you like this project! (that motivates me)⭐️