How To: Set up simple password complexity requirements

Lance Carlson edited this page Apr 27, 2018 · 13 revisions

June 2016:

Here is a simple method of adding a password strength / complexity requirement to Devise without using the devise security extension (using the extension is recommended).

Example: add the following lines to user.rb in the app/models directory. Edit the regex to your liking.

  validate :password_complexity

  def password_complexity
    # Skip when no password is being set (e.g. updating other attributes);
    # Devise's own validations already require a password on create.
    return unless password.present?

    # \A anchors at the start of the whole string; Ruby's ^ matches after
    # every newline. Each lookahead requires one character class to appear.
    unless password.match?(/\A(?=.*[a-z])(?=.*[A-Z])/)
      errors.add :password, "Password complexity requirement not met"
    end
  end

Afterwards, any password created by a user or an admin must meet the regex requirements.

An alternative (better) solution would be to use a third-party library like strong_password, which tries to comply with NIST requirements:

https://github.com/bdmac/strong_password