October 8th, 2012

Complexify is a plugin that aims to provide a good measure of password complexity for websites to use both for giving hints to users in the form of strength bars, and for casually enforcing a minimum complexity for security reasons.

Complexify can work with all forms and templates.

Complexify’s default settings will enforce a minimum level of complexity that would mean brute-forcing should take ~600 years on a commodity desktop machine.

Complexify supports Unicode and will add appropriate complexity for the size of character set included in a password.

What Complexify doesn’t do:

It does not take into account possible dictionary attacking of passwords. However, most passwords vulnerable to this method are relatively short and contain only letters, making them score fairly weakly on this test anyway.
It’s still just client-side validation. If someone wants to bypass this, they can. I recommend implementing a check for the minimum length on the server, but I am considering making a complementary server-side library that will enable developers to have a consistent policy set up throughout their service.

Plugin options:

Choose a “Selector” – you can specify the selector of the password field to which Complexify will add a visual measurement of the password complexity.
Minimum chars – the minimum number of characters required for a valid password.
Password strength – A scale factor to be applied to the complexity during calculation. For example, 0.8 would allow slightly worse passwords than normal. 1.2 would require higher quality passwords.
Prevent submit (yes/no) – if you enable this option, Complexify will prevent form submission if the entered password does not meet the minimum password requirements.
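
The server-side check recommended above, as an added example that is not part of Complexify or of this post: a Node.js function that enforces the minimum length and a character-set-based complexity floor, with the scale factor behaving as described under the plugin options. The character-class sizes, the 50-bit floor and the names `estimateBits` and `checkPassword` are assumptions chosen for illustration.

```javascript
// Added example, not Complexify's code. Class sizes, the 50-bit floor and
// all names here are assumptions chosen for illustration.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[\x20-\x2F\x3A-\x40\x5B-\x60\x7B-\x7E]/, size: 33 }, // ASCII punctuation and space
  { re: /[^\x00-\x7F]/u, size: 128 }, // any non-ASCII: flat constructed allowance
];

// Brute-force search space in bits: length * log2(size of character set used).
function estimateBits(password) {
  const length = Array.from(password).length; // code points, not UTF-16 units
  const charset = CLASSES.reduce(
    (n, c) => n + (c.re.test(password) ? c.size : 0), 0);
  return charset === 0 ? 0 : length * Math.log2(charset);
}

// Re-run on the server for every password set or change; the browser-side
// result is never trusted because the client can skip or alter it.
function checkPassword(password, opts = {}) {
  const { minimumChars = 8, strengthScaleFactor = 1, minimumBits = 50 } = opts;
  if (typeof password !== 'string') return { ok: false, reason: 'not-a-string' };
  if (Array.from(password).length < minimumChars) {
    return { ok: false, reason: 'too-short' };
  }
  const bits = estimateBits(password);
  // A factor above 1 raises the bar and one below 1 lowers it.
  if (bits < minimumBits * strengthScaleFactor) {
    return { ok: false, reason: 'too-simple', bits };
  }
  return { ok: true, bits };
}

// Constructed sample inputs.
for (const pw of ['abc', 'password', 'correct horse battery staple']) {
  console.log(JSON.stringify(pw), checkPassword(pw));
}
```

Like the client-side meter, this estimate does not account for dictionary attacks.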