Update: 1.1 released, minor update to fix minor bug in the way the RegEx was interpreted by IE6/7 which meant the rules weren't enforced properly. Have also added some CSS to make the error message stand out more.
This is simple package that improves the security of the users section. By default there is no password strength validation on the users edit page, other than requiring that something be entered. This means it is possible for users to have single letter passwords, or easily guessed password like "dog".
This package adds a regexp validator to the password field of the password editor that enforces a basic minimum password strength. Currently this is set to enforce the following rules:
- password must be at least 8 characters long
- password must contain at least 1 upper case character
- password must contain at least 1 lower case character
- password must contain at least 1 number
This allows you to make sure that no easily hackable passwords are set up.
I intend to update this package with a few more security things in the future, such as the option to add a captcha to the cms login to stop dictionary attacks. All feedback/suggestions appreciated, don't forget to vote up if you like it!