pwned
😱 An easy, Ruby way to use the Pwned Passwords API. (by philnash)
devise-security
A security extension for devise, meeting industry-standard security demands for web applications. (by devise-security)
pwned | devise-security | |
---|---|---|
1 | 4 | |
419 | 576 | |
- | 2.8% | |
3.9 | 6.6 | |
5 months ago | 3 months ago | |
Ruby | Ruby | |
MIT License | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pwned
Posts with mentions or reviews of pwned.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-10-28.
-
Rails Authentication for Compliance
Additionally, you should validate that the password is not leaked. Luckily, there is a gem for that: https://github.com/philnash/pwned. After installing the gem, All you need to do is add the following validation to the model:
devise-security
Posts with mentions or reviews of devise-security.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-03-31.
- Beware - Devise 4.9.1 and devise-security gem
-
Best authentication in 2022? Devise, Clearance, OAuth, anything else?
Rodauth is IMO the most feature-complete and the most stable. It ships with "enterprise"-grade features such as single session, session expiration, password expiration, password complexity requirements, disallowing common passwords, and disallowing password reuse (basically what devise-security extension provides).
-
Rails application boilerplate for fast MVP development
add devise-security
-
Devise only allow one session per user at the same time
An alternative implementation.... https://github.com/devise-security/devise-security/blob/master/lib/devise-security/models/session_limitable.rb
What are some alternatives?
When comparing pwned and devise-security you can also consider the following projects:
devise-two-factor - Barebones two-factor authentication with Devise
graphql_devise - GraphQL interface on top devise_token_auth
Rack::Attack - Rack middleware for blocking & throttling
Ahoy - Simple, powerful, first-party analytics for Rails
rotp - Ruby One Time Password library
authtrail - Track Devise login activity
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
bullet - help to kill N+1 queries and unused eager loading
dumb-password-rules - A compilation of sites with dumb password rules.
Pundit - Minimal authorization through OO design and pure Ruby classes
rails_best_practices - a code metric tool for rails projects
pwned vs devise-two-factor
devise-security vs graphql_devise
pwned vs Rack::Attack
devise-security vs Ahoy
pwned vs rotp
devise-security vs Rack::Attack
pwned vs authtrail
devise-security vs Brakeman
devise-security vs bullet
devise-security vs dumb-password-rules
devise-security vs Pundit
devise-security vs rails_best_practices