If the password is inserted (ctr+v) in the input field, pwstrength does not work.
How can I fix this problem?

When using the zxcvbn library, you can specify options.common.usernameField to pass the value of that control as a user input to zxcvbn, however there is no way to pass additional data. For example, one might have the users first name, last name, date of birth etc.

I propose that an options.common.userInputs setting be added. This setting would be a string array that would be passed to zxcvbn as addition user inputs along with the usernameField.

I have the script on three other pages in the site and all work fine. I am having trouble getting it to work on a page in my admin screen. Same exact code, only difference is the password field is the only field on the form. I am getting "Object doesn't support property or method 'pwstrength'" no matter what I try. I tried adding another field, I tried renaming the password field, I took out the options, nothing seems to work.

@model Thinktecture.IdentityServer.Web.Areas.Admin.ViewModels.UserPasswordModel

@{
    ViewBag.Title = "Change Password for " + Model.Username;
}

<div id="pwd-container">
    @using (Html.BeginForm(null, null, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
    {
        @Html.ValidationSummary("Errors updating profile:")
        @Html.AntiForgeryToken()

        <fieldset class="editor small">
            <legend>@ViewBag.Title</legend>
            <div class="form-group">
                @Html.LabelFor(m => m.NewPassword, new { @class = "col-md-3 control-label" })
                <div class="col-md-9">
                    @Html.TextBoxFor(m => m.NewPassword, new { @class = "form-control" })
                    <div class="col-md-9" style="padding:0 18px 6px 20px;">
                        Strength: <div class="pwstrength_viewport_progress"></div>
                    </div>
                </div>
            </div>

            <div class="form-group">
                <div class="col-md-offset-4 col-md-8">
                    <button class="btn btn-default">Update</button>
                </div>
            </div>
        </fieldset>
    }
</div>

<nav class="links">
    <ul>
        <li>@Html.ActionLink("back to Users", "Index", "User", null, null)</li>
    </ul>
</nav>

<script type="text/javascript" src="~/Scripts/pwstrength.js"></script>
<script type="text/javascript">
    $(document).ready(function () {
        "use strict";
        var options = {};
        options.common = {
            minChar: 8,
            debug: true
            //    onLoad: function () {
            //        $('#messages').text('Start typing password');
            //    }
        };
        options.rules = {
            activated: {
                wordTwoCharacterClasses: true,
                wordRepetitions: true
            }
        };
        options.ui = {
            container: "#pwd-container",
            viewports: {
                progress: ".pwstrength_viewport_progress"
            },
            showVerdictsInsideProgressBar: true,
            showStatus: true,
            showErrors: true
        };
        $('#NewPassword').pwstrength(options);
    });
</script>

What could be the cause?

It would be cool to see the exact strength inside the progress bar like so:

Hello,

I want to show the verdict text in input-group-addon as below.

<div class="input-group">
  <input type="password" class="form-control" id="current-password">
  <div class="input-group-addon" id="current-password-verdict"></div>
</div>

Is there any way to remove the span tag which wraps the verdict text.

Hello,

Many of the existing rules (such as wordUppercase) don't have error messages.
How would I add them via the options object? Would it be possible to see an example? I'd like to add a custom error message for ALL existing rules.

Many thanks!

Hi,

I tried to run this library in combination with this simple "show password" script: https://github.com/wenzhixin/bootstrap-show-password

I activated the debug mode in your script so I can see that the calculation of the password strength is working when changing the password. But the progres bar stays empty and no verdicts are shown. Do you have any suggestions?

It would be a good feedback, and use space better.

The password strength drops whenever I add "012" to the end of a password.

Examples:

Simple password:
"goop33" = medium
"goop33012" = nill

Random 12 character:
"Fa2PmxBTTWzT" = strong
"Fa2PmxBTTWzT012" = normal
"012Fa2PmxBTTWzT" = weak
"Fa2012PmxBTTWzT" = normal
"Fa2PmxBTTWzTpassword" = very strong

Random 20 character:
"Nq4YGDQf3HJcXU3ZDsjv" = very strong
"012Nq4YGDQf3HJcXU3ZDsjv" = strong
"Nq4YGDQf3HJcXU3ZDsjv012" = very strong <-- doesn't drop if I add "012" anywhere past 7 chars
"Nq4Y012GDQf3HJcXU3ZDsjv" = strong

It was suggested in #35 that there was a forceUpdate method, but it is not documented.

On error, mark input field with a css class (if you don't want to use error text):
usage:
onKeyUp: function (evt) {
$(evt.target).pwstrength("markInputOnError", "invalid");
code:
methods.markInputOnError = function (className) {
this.each(function (idx, el) {
var self = this,
$el = $(el),
localOptions = $el.data("pwstrength-bootstrap");

    if ($el.val().length > 0 && localOptions.instances.errors.length > 0) {
      $(self).addClass(className);
    } else {
      $(self).removeClass(className);
    }
  });
};

The growing bar to show the password strength is nice, but when negative values are possible, then there will be no bar at all. This means, that I could type a very weak password, but get no verdict.

It would be better to produce "width: 1%" when the result is negative instead of 0%.

Hi ,
could you give example how to add this jquery plugin to durandal framework and test it in one view.

Hello,
i love the plugin, i am using it but i am having an issue because i have 2 inputs type="password" where the second one is to confirm password

i am getting 2 progress bars

any quick solution to hide one ?

Reviewing the code, there doesn't seem to be a way to retrieve the current password verdict (besides UI update).

The use case could be a scenario where we require a minimum verdict in order to accept a password.

Ideally we could pick up the verdict level whenever needed (ie: $(elem).data("pwstrength-verdict") and it could be useful to pass this in to the existing onKeyUp event (ie: options.common.onKeyUp(event, verdict);)

ReferenceError: jQuery is not defined
file:///D:/Downloads/jquery.pwstrength.bootstrap-1.1.0/jquery.pwstrength.bootstrap-1.1.0/examples/pwstrength.js
Line 587
ReferenceError: jQuery is not defined
file:///D:/Downloads/jquery.pwstrength.bootstrap-1.1.0/jquery.pwstrength.bootstrap-1.1.0/examples/bootstrap3/index.html
Line 32
TypeError: $ is undefined
file:///D:/Downloads/jquery.pwstrength.bootstrap-1.1.0/jquery.pwstrength.bootstrap-1.1.0/examples/bootstrap3/bootstrap3.js
Line 1
ReferenceError: jQuery is not defined
file:///D:/Downloads/jquery.pwstrength.bootstrap-1.1.0/jquery.pwstrength.bootstrap-1.1.0/examples/bootstrap3/zxcvbn.html
Line 33

Hi i've noticed my errors are not longer showing when i added the zxcvbn:true
my errors where showing untill i added zxcvbn, i was just wondering if there is a way to get error messages to still show with zxcvbn

heres the part of code;

    var input = $("#register_password");
        input.pwstrength({
            common: {
                 onLoad: function() {
                      $('#messages').text('Start typing password');
                    },
                 minChar: 8,
                 zxcvbn: true,
                 usernameField: "#username",
                 userInputs: ['#firstname', '#lastname', '#displayname', '#email'],
                 debug: true
            },
            rules: {
                raisePower: 1.4,
                activated: {
                    wordTwoCharacterClasses: true,
                    wordRepetitions: true
                }
            },
            ui: { 
                container: ".password-strength",
                showErrors: true,
                showStatus: true,
                showVerdictsInsideProgressBar: true,
                verdicts: ["Weak", "Normal", "Medium", "Strong", "Very Strong"],
                viewports: {
                  progress: ".password-progress",
                  errors: ".password-errors"
                   }
                },
            });
            input.pwstrength("addRule", "demoRule", function (options, word, score) {
                return word.match(/[a-z].[0-9]/) && score;
            }, 10, true);

If typing a password and then removing it again, the bar is gone but the verdict is still there.

Should add:

$(this).on('keyup', function () {
    $(this).find('+ .progress').show().find('+ .password-verdict').show()
    if ($(this).val().length == 0) $(this).find('+ .progress').hide().find('+ .password-verdict').hide()
})

or similar,

and on init hide .progress and .password-verdict.

The alphabetical forbidden sequence is out of order.. it should be "wxyz" instead of "xywz"

 rulesEngine.forbiddenSequences = [
        "0123456789", "abcdefghijklmnopqrstuvxywz", "qwertyuiop", "asdfghjkl",
        "zxcvbnm", "!@#$%^&*()_+"
    ];

I have the latest minify version and the latest version of jquery.pwstrength.bootstrap but when adding this plugin to my list of scripts, minification fails.
Am I doing something wrong?

Hi, in the options.js file, I'm trying to change the default option name for the usernameField from "#username" to "#UserName" and it does not seem to be recognizing my input field with that name (to issue an error message). Do you know why that would be? Is there another place where I need to change the field name?

In README.md: errorMessages has the parameter 'password_to_short' instead of 'password_too_short'.

It's missing one 'o'.

http://jsfiddle.net/mmXV5/118/
only one of the bar progress

In current master, the wordOneSpecialChar regex appears to contain a typo.

Currently it contains word.match(/.[!,@,#,$,%,\^,&,*,?,_,~]/). This only returns true if the special character is not preceded by a character. Comparisons to similar rules suggest that this should be .*; i.e. word.match(/.*[!,@,#,$,%,\^,&,*,?,_,~]/)

Hello,

I am using a default implementation of the plugin. My debug shows me scores in chrome. No score is displayed until the score is above zero. A one character pw has a score of -45 but it doesn't show 'weak' for that.

I have tried modifying the scores: option in the UI options to make it start for a score of less than zero, but it doesn't work.

This looks good but I can't find enough docs/usage examples to make it work for me!

http://getbootstrap.com/css/#forms-control-states

Use the has-error and similar classes.

<div class="form-group has-error">
  <label class="control-label" for="inputError">Input with error</label>
  <input type="text" class="form-control" id="inputError">
</div>

Hey there,

I would like to have rules for these:

Contain at least one upper case letter
Contain at least one lower case letter
Contain at least one number
Contain at least one special character
Enforce at least one changed character when passwords are changed

Is that possible with this plugin?

Hi Ablanco,

what the method shall we call it to check if the entered password is valid or not to can submit my form?

Normally a password of 22 characters in length would be very strong but how can that be when all 22 characters are the same letter? I get the "Too many repetitions" message but a meter of Very Strong.
This seems to be a conflict and confusing to the user.

How to get the score of the password strength?

If you use the zxcvbn option there is a bug with the userInputs array; if it includes undefined values then zxcvbn throws an error.

This will happen if the usernameField option is not set.

Also the current setup does not support a fixed word list being passed to zxcvbn:

"This list is also good for site-specific vocabulary. For example, ours includes dropbox."

I have added an additional option to allow a word list:

defaultOptions.common.zxcvbnWords = [];

and validation to the push() lines in the zxcvbn call:

            if (options.common.zxcvbn) {
                userInputs = options.common.zxcvbnWords;
                $.each(options.common.userInputs, function (idx, selector) {
                    if ($(selector).val()) {
                        userInputs.push($(selector).val());
                    }
                });
                if ($(options.common.usernameField).val()) {
                    userInputs.push($(options.common.usernameField).val());
                }
                score = zxcvbn(word, userInputs).entropy;
            } else {
                score = rulesEngine.executeRules(options, word);
            }

Question is obvious :)

I am having a problem with the control disappearing when i place it inside an update panel. I know this is expected behavior, so have added a client end request handler to re-init the control after an async postback. This works, however it creates a new progress bar each time you postback. I tried doing a destroy first, then a create but it disappears again.

Is there anything I can do other than moving it out of the update panel?

Thanks

Hi, is there any destroy method that i can use when closing the form ?

I'd like to have a rule that only accepts passwords that have

• at least one Uppercase char
• at least one lowercase char
• at least one number
• minimum 6 chars

I am sure this is quite possible with the library, but the documentation is lacking a bit here. How do I achieve this?

Given the following code involving validation and pwstrength:

$(document).ready(function() {
  var form, options;
  form = $("#file_form");
  $("#file_form").validate({
    rules: {
      name: {
        required: true
      },
      file: {
        required: true
      },
      mobile: {
        required: true
      },
      email: {
        required: true,
        email: true
      },
      password: {
        required: true
      }
    },
    highlight: function(element) {
      $(element).closest(".form-group").removeClass("has-success").addClass("has-error");
    },
    unhighlight: function(element) {
      $(element).closest(".form-group").removeClass("has-error");
    }
  });
  options = {};
  options.ui = {
    container: "#strength-area",
    showVerdictsInsideProgressBar: true,
    showErrors: true,
    viewports: {
      progress: "#password-strength",
      verdict: "#password-strength"
    }
  };
  options.common = {
    minChar: 8
  };
  $("#password").pwstrength(options);

    $("#encrypt-button").click(function() {
      var valid;
      valid = form.valid();
      if (valid) {
        alert("Valid!");
        readSingleFile();
      }
});

jQueryValidation will validate all fields in the form when clicking #encrypt-button except the password field. Basically, nothing happens.

If the two are truly incompatible, is it possible to call some kind of function to force pwstrength to update progress, errors and verdict? Is there a function to evaluate the current score?

If I could determine that the current score was negative via a function call, I could use that along with .valid() to decide whether or not to proceed. And, if I could call a function to force pwstrength to update the progress, errors and verdict, it would end up setting the field to the correct error state (assuming the field was invalid).

Thanks!

Please make it available this plugin available via bower since I could not find it.

Thanks !

If there is an error, a popover flickers (extremely unsexy) on every pressed key like it gets hidden and showed right after that.
Looks like:
$el.popover("destroy");
...
$el.popover("show");
Could you not check before destroy whether an error remains and just set a new content instead of destroy->show?

We would like to show errors in a popover, like with:
showPopover: true,
showErrors: true
but just errors! if there are no errors, the popover will disappear.
verdicts still gets displayed inside the bar if the password is valid.

like:
showPopover: [always/onError],
showVerdictsInsideProgressBar: true

In my form there are two password fields. one for actual password and other one for confirm it. I want to display this progress bar when I insert the password in actual field. Now its displaying when typing in both fields.

This is a JS Bin with my problem - http://jsbin.com/takiqexeru/1/edit?html,js,output
Hope somebody may help me out.
Thank you.

zxcvbn: realistic password strength estimation

zxcvbn uses entropy to measure password strength. It would be nice to have support for that library in jquery.pwstrength.bootstrap

I am trying to show the errors as a popover, but I am also trying to show the verdict/strength in a progress bar. Unfortunately, this is giving me the unintended result of showing me the verdict as a popover.

Here's my sample jquery code:

$(document).ready(function() {
  var options;
  options = {};
  options.ui = {
    container: "#strength-area",
    showVerdictsInsideProgressBar: true,
    showErrors: true,
    showPopover: true,
    viewports: {
      progress: "#password-strength"
    }
  };
  options.common = {
    minChar: 8
  };
  $("#password").pwstrength(options);
});

It's probably user error, but I would expect that if the verdicts are asked to be shown inside the progress bar, that they would not be shown in the popover at all.

Hi

Thanks so much for this script. Its really well written and very easy to integrate.

I made a small tweak that might help others? In bootstrap 3 I have help text in a neighbouring div

<div class="row">
  <div class="col-lg-2">
    <label for="password">Password</label>
  </div>
  <div class="col-lg-4">
    <input type="password" name="password" class="form-control" placeholder="Your password">
  </div>
  <div class="col-lg-6 my-help-text">
      At least 12 characters <span class="pwstrength_viewport_progress"></span> <span class="pwstrength_viewport_verdict"></span>
  </div>
</div>

pwstrength.js does not detect it because it calls $el.parent() in many places, which only allows for the viewport.progress to be in the same div.
Often to get the layout you need in BS3, you have to add extra divs around your form-controls to constrain width or mess around with other stuff.

To work around this issue, i added

var $parent = $el.parent().parent();
...
$parent.find(allOptions.viewports.progress).append(progressbar);

in several places, which allows a slightly greater separation between the :password input and the progress bar / verdict

Hi,
is it normal that the ul.error-list is not updated even with showErrors: true?

Thanks!

So I'm seeing slightly odd behavior when using the onKeyUp method. Here's what I've got:

$(document).ready(function() {
  var options;
  options = {};
  options.ui = {
    container: "#strength-area",
    showVerdictsInsideProgressBar: true,
    showErrors: true,
    viewports: {
      progress: "#password-strength",
      verdict: "#password-strength"
    }
  };
  options.common = {
    minChar: 8,
    debug: true,
    onKeyUp: function(evt, pwobj) {
      if (pwobj.score < 0) {
          $(evt.target).closest(".form-group").addClass("has-error");
      }
      else if (pwobj.score > 0) {
          $(evt.target).closest(".form-group").removeClass("has-error");
      }
    }
  };
  $("#password").pwstrength(options);
});

As of right now, pwstrength does not automatically add the "has-error" class onto the form group containing the password field, as per:
http://getbootstrap.com/css/#forms-control-validation

So I attempted to do this with onKeyUp, but I'm noticing some weird behavior:

1. When you type the first character, the "has-error" class is successfully added.
2. Once you reach the nth character and the password becomes valid, the "has-error" class is successfully removed.

But, this is where things get odd. If I click outside of the password field, and then click back into the password field, and start manipulating the password again, the scores come in correctly, but the evt.target no longer seems to have the password field, because the addClass/removeClass stop actually manipulating the classes of the form group.

Now, I could cheat and use an ID on the form group of the password, but:

1. Why does evt.target no longer refer to the password field on keyup after clicking out of the field? (or am I misunderstanding?)

2. it would be nice if there was an option on pwstrength to add the "has-error" class (default:true or false, etc).

Thanks!

I have a working example on my password field but I'm a bit unsure how I specifically tell the user how strong their password needs to be.

For instance, some websites say:

Minimum 6 characters
At least 1 upper case letter
At least 1 symbol

At the moment, I am just picking up the "data.score" and allowing the user to continue with saving their password so long as the score is above 38 (I have picked 38 out of thin air - what are the absolute scores that define what is medium, what is strong etc etc... - in truth I'm a bit unsure what I'm fully doing!

Instead of text, verdictText should accept html. Then we could use e.g. Font Awesome icons or sprites instead of words.

Line 405 should be changed into

$verdict.html(text);

Thanks!

Hi!
I think there is an issue in the rule wordSequences with the upper bound of for loop (src/rules.js:82). It doesn't check the 3 letter snippet against the very end of the given password.

Here are 2 tests highlighting the issue:

describe('sequence in password', function () {
    beforeEach(function () {
        options.instances.errors = [];
    });

    it('working on abcx', function () {
        var password = 'abcx';
        expect(rulesEngine.validation.wordSequences(options, password, 123))
                .toEqual(123);
        expect(options.instances.errors).toEqual([ "sequence_found" ]);
    });

    it('not working when at the end', function () {
        var password = 'xabc';
        expect(rulesEngine.validation.wordSequences(options, password, 123))
                .toEqual(123);
        expect(options.instances.errors).toEqual([ "sequence_found" ]);
    });
});

(I temporarily disabled jslint for these tests)
As far as I can see the upper limit of the for loop should be word.length - 2 instead of word.length - 3. This would be here:

for (j = 0; j < (word.length - 2); j += 1) { //iterate the word trough a sliding window of size 3:

Thanks for the project, makes our lives here a bit easier ;)

Cheers,
m

Hi

Hopefully you can help me :)

How can I make a custom rule with the following regex:

"/(?=.\d)(?=.[a-z])(?=.[A-Z])(?=.[@#$%]).{8,30}/"

(so "asaFSD663$%$asaas" is a valid password for example)

Every password which doesnt match the regex should get the lowest verdict (password is invalid and cannot be used), whatever comes before or after.

Thanks for your help,
Frank

http://blog.npmjs.org/post/111475741445/publishing-your-jquery-plugin-to-npm-the-quick