
Security: Password strength level meaning


In Setup --> System Settings --> SECURITY, I can specify a Minimum Password score.

How can I find out what rule(s) every score level implies?
Put another way - If I set it to 5, what list of rules can I tell users will be expected of them in terms of password format adherence/conformance?


Hi! The integer value scores apparently relate to complexity estimation, not actual discrete rules.

To learn more refer to these for example


Is there a way to know the minimum requirements?
Password length, special characters, etc.


For clues a web search on zxcvbn may provide answers?

Let us know what you find!


On further study and just to clarify -

ERPNext uses zxcvbn just to assess a user supplied password

Whereas passlib provides the backend functions to handle passwords

I am not familiar with passlib

Since that is a business policy decision, my guess is rather than code and have to support this, ERPNext provides zxcvbn instead for users to assess passwords

#6 will tell you how strong the password is