xF2 Add-on Password Tools 3.9.0

ENXF NET · Dec 1, 2018

LQD submitted a new resource:

Password Tools - Cause safer passwords are better passwords.

Password Tools
Description
View attachment 1540
This modification mostly follows the principles of Dan Wheelers password strength estimator zxcvbn. It does not weight password strength by their combination of upper/lower letters, special characters and numbers, but on how easy they are to crack in reality.

To increase the safety of your users account, you can force them to use passwords of a minimum...

Read more about this resource...

ENXF NET · Jan 28, 2019

LQD updated Password Tools with a new update entry:

3.1.0 - XF2.1 compatibility update

Update for XF2.1, supports XF2.0 & XF2.1

Wire up Show password enable/disable flag to XF2.1 native feature

Wire up zxcvbn enable/disable flag to XF2.1 native feature

Does not push zxcvbn blacklist flags into XF2.1 native version, but still validates them on password submission.

Read the rest of this update entry...

ENXF NET · Mar 28, 2019

ENXF NET updated Password Tools with a new update entry:

3.1.1 - Bugfix update

Fix XF2.1 compatibility with admin login screen

Read the rest of this update entry...

ENXF NET · Apr 7, 2019

ENXF NET updated Password Tools with a new update entry:

3.1.2 - Bugfix update

Fix XF2.1 compatibility with admin login screen (include changes in package)

Read the rest of this update entry...

ENXF NET · Jul 23, 2019

ENXF NET updated Password Tools with a new update entry:

3.1.3 - Bugfix update

Add add-on & options icon

Fix issue blocking user login when the user's password storage requires upgrading and they have a weak password.

Read the rest of this update entry...

Skynet · Apr 10, 2020

ENXF NET updated Password Tools with a new update entry:

3.2.0 - Maintainance update

Require XF2.1, drop XF2.0 support and use built in composer support.
Update zxcvbn-php library to be more inline with zxcvbn-js
Fix incorrect phrase being used on haveibeenpwned api failure

Read the rest of this update entry...

ENXF NET · Apr 11, 2020

ENXF NET updated Password Tools with a new update entry:

3.2.2 - Bugfix update

Fix "Undefined index: match_sequence" error when "Force Reject" option is enabled

Read the rest of this update entry...

ENXF NET · Jul 27, 2020

ENXF NET updated Password Tools with a new update entry:

3.3.0 - XF2.2 compatibility update

Requires php 7.0+

Now depends on Standard Library by Xon

Supports XF2.2+

Read the rest of this update entry...

ENXF NET · Mar 17, 2021

ENXF NET updated Password Tools with a new update entry:

3.4.0 - php 8 compatibility update

Require php 7.2+

Fix php 8 compatibility

Read the rest of this update entry...

ENXF NET · Jul 26, 2021

ENXF NET updated Password Tools with a new update entry:

3.5.0 - Feature update

Force global namespace for functions which are known to be optimizable to bytecode in php, or known global functions to avoid a current namespace lookup for the function.

Add "On login; alert the user if they have a known compromised password" option (default enabled)

Add "Minimum time between triggering compromised password alerts on login" option (default 24 hours)

Read the rest of this update entry...

ENXF NET · Oct 30, 2021

ENXF NET updated Password Tools with a new update entry:

3.6.1 - Feature update

Thanks to @NamePros for sponsoring this update.

Update compromised password alert text to be less awkward

On updating passwords, remove any compromised password alerts to avoid user confusion

Add "Force email two factor authentication on compromised password" option (default disabled)

Add "Pwned password minimum count (soft)" option.
This allows a user to change a password to a known compromised value which is under a given number of known hits. This still generates...

Read the rest of this update entry...

ENXF NET · Nov 24, 2021

ENXF NET updated Password Tools with a new update entry:

3.6.2 - Maintenance update

Reduce queries when triggering forced email 2fa

Prevent rare DuplicateKeyException when forcing email 2fa and multiple tabs are being used

Read the rest of this update entry...

ENXF NET · Dec 16, 2021

ENXF NET updated Password Tools with a new update entry:

3.6.4 - Bugfix update

Fix edge case where 32bit php would incorrectly report a very strong password was weak due to bad float to integer truncation.

Recommend ext-gmp (aka php-gmp) for optimized binomial calculations, which requires php 7.3+

Read the rest of this update entry...

ENXF NET · Dec 23, 2021

ENXF NET updated Password Tools with a new update entry:

3.6.5 - Bugfix update

Switch back to upstream bjeavons/zxcvbn-php library as it should be fully php 8.1 compatible.

More 32bit php fixes, Thanks to @NamePros

Read the rest of this update entry...

ENXF NET · Jun 1, 2022

ENXF NET updated Password Tools with a new update entry:

3.7.1 - Feature update

Require XenForo 2.2+, drop XF2.1 support

Actually implement cron to prune the pwned password hash cache. Old entries where already being ignored, so this will hopefully just reduce MySQL table bloat

Fix denial of service attack by preventing too long password which can trigger factorial number of brute force password checks when using Zxcvbn

Update new install option defaults to more recommend values:

Enforce password complexity for admins

Enable "Length check...

Read the rest of this update entry...

ENXF NET · Jun 14, 2022

ENXF NET updated Password Tools with a new update entry:

3.7.3 - Bugfix update

Improve detection of admin/automated edits for the "Enforce password complexity for admins" feature.

Read the rest of this update entry...

ENXF NET · Jul 21, 2022

ENXF NET updated Password Tools with a new update entry:

2.7.4 - Bugfix update

Fix password checks could incorrectly apply when resetting a user's password

Read the rest of this update entry...

ENXF NET · Jan 31, 2023

ENXF NET updated Password Tools with a new update entry:

3.7.5 - Bugfix update

Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours

Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised

Rename various options to be better searchable

Adjust various option defaults to be more robust.

'Minimum password length' from 8 => 10 characters

'Minimum password strength' from 'very weak' to 'weak'

'Pwned password...

Read the rest of this update entry...

ENXF NET · Oct 5, 2023

ENXF NET updated Password Tools with a new update entry:

3.8.0 - Feature update

This add-on is now avaliable on atelieraphelion.com

Require StandardLib v1.18.0+

Add new "User-group for compromised passwords" option, which adds uses to the selected user-group when it is detected they have a compromised password on login.
Defaults to disabled. Useful for targeting with notices

Read the rest of this update entry...

ENXF NET · Oct 13, 2023

ENXF NET updated Password Tools with a new update entry:

3.8.2 - Bugfix & Maintenance update

Thanks to @NamePros for this update.

Fix changing user entity while a write is pending in some cases

Add "Use rejected password fragments in password meter" option (default disabled).
Take rejected password fragments into consideration when showing the password strength meter to the user.
Security note: this makes the full list of rejected password fragments visible to end users; ensure that there aren't any sensitive password fragments before enabling.

Read the rest of this update entry...

xF2 Add-on Password Tools 3.9.0

Administrator

Administrator

Administrator

Administrator

Administrator

Collaborate

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator

Administrator