Password Strength Meter

registered · Posted: Fri Sep 01, 2006 12:19 am

hey guys, i just found this cool mod !!!

it is for php-nuke but the prob is that it is for CNB YA !

In the file it says that it can be used with any Your Account module..

i tried editing the normal YA files but cudnt find the instances where to edit...

If some cud tell me how to use it with normal YA module, it wud be of gr8 help !

DOwnload it here:

Code:

http://www.uploading.com/files/63J46ZTE/Password_Strength_Meter.txt.html

Thanks !

Sells PC To Pay For Divorce Joined: Posts: 5661

lol...and you think we know?
i realy enjoy reading your topics...
you post a problem included with a download address ,we download it and solve it for you... lol

But why not try it yourself....you probably gave up to soon.
all functions should be available in the public folder.

Posted: Fri Sep 01, 2006 6:32 am

Well, if i were a coder and i knew how to fix it up, then i wudnt have bothered to ask u..

thats good u really enjoy reading my topics but u shud also consider helping rather than just enjoying !!!

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Only registered users can see links on this board! Get registered or login! one that looks easy enough to install. But there are a couple of VERY big problems with it.

First, it's a service that you can integrate, not code that you install. I would NOT recommend using a service that checks the validity of your password since there are no guarantees that it wouldn't be linked to your IP address and used in unauthorized ways.

Second, there is no explanation as to how the strength is calculated. As far as we know, it could be RANDOM...

Posted: Fri Sep 01, 2006 7:14 am

thnx for ur reply !!

btw, the one i have posted in the above post uses javascript to check the pwd strength !

Hence, i feel it is safe !!!

Ur suggestions ??

Posted: Fri Sep 01, 2006 8:31 am

I did a little research and found quite a few alternatives, each with different approaches. Some had graphics, some did not. Some gave feedback as to how to make the password more secure, others just a score or rating. I'd like to investigate this further when I have time to figure out different approaches and compare them. I'll look at the example you gave, too.

hitwalker, have you looked into this already?

Theme Guru Joined: Nov 01, 2003 Posts: 1006

Quote:

# Code stripped from Nuke EVO Beta 2
# See the credits at www.nuke-evolution.com for full credits
# I didn't write any of the code. I just modified it to work nicely with a
# non Nuke-Evolution website.
# This has been tested on phpNuke 7.9 and phpNuke 7.6 but should work with
# any version that's using CNBYA

it clearly says "that's using CNBYA" I see nothing about using this as is on a regular nuke ya module.

Posted: Fri Sep 01, 2006 8:41 am

Right - that's what s60addict wants - to use this with the regular Nuke YA module.

Posted: Fri Sep 01, 2006 8:45 am

well here's another approach...

http://www.nukecops.com/postt52782.html

Posted: Fri Sep 01, 2006 8:46 am

Yes, his mod that he posted is not for that. That was all that I was pointing out. S60 also has a ton of mods installed which from his posts seem to all have issues on his site. It might be wise to sort them all out and be certain that the site is working before adding anything new. However, that is just my opinion. Either way, maybe something you found will work for him because the one he posted clearly will not. The only reason that I posted that was becuase in his original post he stated that it said it would work with any YA module but it clearly does not say that.

Posted: Fri Sep 01, 2006 8:49 am

those should work for him hit. nice find:)

Posted: Fri Sep 01, 2006 8:51 am

Quote:

S60 also has a ton of mods installed which from his posts seem to all have issues on his site...It might be wise to sort them all out and be certain that the site is working before adding anything new

yes wise words jaded...

Posted: Fri Sep 01, 2006 9:01 am

Agree. I'll look at this one too. My main concern isn't how it looks, but the algorithm it uses to determine strength. What factors are important? For example:

Length, vowels vs. consonants, upper vs. lower case, special characters?
What about similarity to username or email?
What about checking a database of common passwords or some advanced routine for checking security?

Posted: Fri Sep 01, 2006 9:05 am

enjoy .....
http://www.securitystats.com/tools/password.php

Posted: Fri Sep 01, 2006 9:10 am

yeah im good ....

here's it all explained... PDF
http://csrc.nist.gov/pki/twg/y2003/presentations/twg-03-05.pdf

Posted: Fri Sep 01, 2006 9:10 am

I have packed up and added all these option to the downloads on my site. I suppose that way anyone later who needs them can find them more simply. Sometimes links in posts die. I have learned that the hard way lol.

Posted: Fri Sep 01, 2006 9:13 am

How true, jaded! I've already downloaded and / or bookmarked everything, too.

Posted: Fri Sep 01, 2006 9:25 am

hitwalker, you are the KING of links... THANKS!

registered · Posted: Fri Sep 01, 2006 10:24 am

At least he gave me credit Smile

Posted: Fri Sep 01, 2006 11:23 am

Know what you mean, technocrat. What are your thoughts on the algorithm for determining password strength?

Posted: Fri Sep 01, 2006 11:28 am

I read everything posted here before I made the orginal script, minus the nukecops post. Really it comes down to how much effort you want to put into it and how much you want to twist people's arms. After pondering that for awhile that's why I came up with the script I did. Its pretty simple and just checks for the real basics and has no enforcement.

I might change that in Evo 3, but I am unsure. If I did I would make it as flexible as I can. You do not want to force admins into doing something they may not want to do.

Posted: Fri Sep 01, 2006 11:30 am

Thanks alot for all ur support !!

ill try it out n let u guys know !!!

Well, this is the real kinda reply i was seeking !!! RavensScripts

Posted: Fri Sep 01, 2006 12:09 pm

well, the first one didnt work as it gave a blank your account page !!

the second one, ie microsoft password strength meter asks for a file includes/custom_files/custom_head.php

but there is no such file neither in ravennuke nor php-nuke 7.8?

what shud i do ???

registered · Posted: Fri Sep 01, 2006 7:13 pm

Personally I think, unless it's an Admin or Super User account, who cares about the strength and/or complexity of their passwords?!

What am I missing here? Why force everybody to have Enterprise quality passwords? What's the benefit that would outweigh frustrating your users and possibly making them go somewhere else?

registered · Worker Joined: Oct 07, 2003 Posts: 211

I downloaded and installed the Microsoft Password strength checker that arnoldkrg was talking about in this post:

http://www.nukecops.com/postt52782.html

I changed a couple of things because I didn't want the js to load in every page instance, just the pages which allow registration. It takes in account for length, numbers, capitals when it determines strength. I just saw it as a useful feature. Members can still have 1234 as a password, but it tells them it is a weak password. For members who care, or admins who have large sites the addon can have advantages by giving members a hint when they register as to how easy it will be to "guess" their password.