-
Notifications
You must be signed in to change notification settings - Fork 5.5k
How To: Set up simple password complexity requirements
Lance Carlson edited this page Apr 27, 2018
·
13 revisions
Best solution would be so use a 3rd party library like strong_password that tries to comply with NIST requirements:
https://github.com/bdmac/strong_password
June 2016:
Here is a simple method of adding a password strength / complexity requirement to devise without using devise security extension (using extension is recommended.)
Example: add the following line to user.rb in app/models directory. Edit Regex to your liking
validate :password_complexity
def password_complexity
if password.present?
if !password.match(/^(?=.*[a-z])(?=.*[A-Z])/)
errors.add :password, "Password complexity requirement not met"
end
end
end
Afterwards, password created by the user, admin must meet the regex requirements.