PHPackages                             derhansen/add\_pwd\_policy - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. derhansen/add\_pwd\_policy

ActiveTypo3-cms-extension[Security](/categories/security)

derhansen/add\_pwd\_policy
==========================

Additional Password Policy validators - Additional password validators for usage in TYPO3 password policies

2.0.1(2mo ago)14.1k↓38%1GPL-2.0-or-laterPHPCI passing

Since Apr 25Pushed 2mo ago1 watchersCompare

[ Source](https://github.com/derhansen/add_pwd_policy)[ Packagist](https://packagist.org/packages/derhansen/add_pwd_policy)[ Docs](https://github.com/derhansen/add_pwd_policy)[ RSS](/packages/derhansen-add-pwd-policy/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (7)Dependencies (8)Versions (11)Used By (0)

[![Latest Stable Version](https://camo.githubusercontent.com/466369e535fb4269951fb72b8e7fb746380b0d9e97853a758f8592e8f7a53fe1/68747470733a2f2f706f7365722e707567782e6f72672f64657268616e73656e2f6164645f7077645f706f6c6963792f762f737461626c65)](https://packagist.org/packages/derhansen/sf_event_mgt)[![Monthly Downloads](https://camo.githubusercontent.com/2e1cf39c984e2807228b3fe2c658fbdb14667cf32c805cdc7a29ed7431d1e255/68747470733a2f2f706f7365722e707567782e6f72672f64657268616e73656e2f6164645f7077645f706f6c6963792f642f6d6f6e74686c79)](https://packagist.org/packages/derhansen/add_pwd_policy)[![Code Quality Checks](https://github.com/derhansen/add_pwd_policy/actions/workflows/CodeQuality.yml/badge.svg)](https://github.com/derhansen/add_pwd_policy/actions/workflows/CodeQuality.yml)[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://camo.githubusercontent.com/39c688bf243eeb6d3bfc529dcf3cb27443613deb696c8fa9f49bccf1e63e3bef/68747470733a2f2f7777772e7265706f7374617475732e6f72672f6261646765732f6c61746573742f6163746976652e737667)](https://www.repostatus.org/#active)

Additional Password Policy validators for TYPO3 CMS
===================================================

[](#additional-password-policy-validators-for-typo3-cms)

This extension for TYPO3 CMS contains additional Password Policy validators for usage in TYPO3 12+ projects. It also adds an event listener for the `EnrichPasswordValidationContextDataEvent` PSR-14 event, so the context data used for password validation is extended with the users email-address.

Included validators
-------------------

[](#included-validators)

### Pwned Password

[](#pwned-password)

#### Description:

[](#description)

This validator ensures that the given password is not part of a known data breach on haveibeenpwned.com

#### Options:

[](#options)

- none

#### Usage example

[](#usage-example)

```
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PwnedPasswordValidator::class] = [
    'options' => [],
    'excludeActions' => [],
];

```

### Does not contain username

[](#does-not-contain-username)

#### Description:

[](#description-1)

This validator ensures, that the given password does not contain the users `username`.

#### Options:

[](#options-1)

- none

#### Usage example

[](#usage-example-1)

```
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\NotUsernameValidator::class] = [
    'options' => [],
    'excludeActions' => [],
];

```

### Password deny list

[](#password-deny-list)

This validator ensures, that the given password is not part of a configurable list of denied passwords.

The password file must contain one password for each line.

#### Options:

[](#options-2)

- `passwordDenylistFilepath` Relative path to password file. EXT: notation is allowed.

#### Usage example

[](#usage-example-2)

```
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PasswordDenylistValidator::class] = [
    'options' => [
        'passwordDenylistFilepath' => 'EXT:add_pwd_policy/Resources/Private/Text/password_denylist.txt',
    ],
    'excludeActions' => [],
];

```

### PRs welcome

[](#prs-welcome)

If you have created a custom password validator, feel free to provide it as pull request to this repository.

Reporting a Vulnerability
-------------------------

[](#reporting-a-vulnerability)

Please report vulnerabilities to .

Credits
-------

[](#credits)

### Password file

[](#password-file)

The included file with the top 100.000 popular passwords has been downloaded from

###  Health Score

46

—

FairBetter than 92% of packages

Maintenance86

Actively maintained with recent releases

Popularity25

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity51

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 97% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~156 days

Recently: every ~28 days

Total

8

Last Release

70d ago

Major Versions

1.x-dev → 2.0.02026-04-25

### Community

Maintainers

![](https://www.gravatar.com/avatar/d52103f3af5442e3cf7f3fb14456dc51f311af529394f0325bcd0a4e8d407947?d=identicon)[derhansen](/maintainers/derhansen)

---

Top Contributors

[![derhansen](https://avatars.githubusercontent.com/u/2629896?v=4)](https://github.com/derhansen "derhansen (32 commits)")[![linawolf](https://avatars.githubusercontent.com/u/48202465?v=4)](https://github.com/linawolf "linawolf (1 commits)")

---

Tags

passwordsecuritysecurityTYPO3 CMSpassword policypassword validators

### Embed Badge

![Health badge](/badges/derhansen-add-pwd-policy/health.svg)

```
[![Health](https://phpackages.com/badges/derhansen-add-pwd-policy/health.svg)](https://phpackages.com/packages/derhansen-add-pwd-policy)
```

###  Alternatives

[friendsoftypo3/content-blocks

TYPO3 CMS Content Blocks - Content Types API | Define reusable components via YAML

103519.9k53](/packages/friendsoftypo3-content-blocks)[netresearch/rte-ckeditor-image

Image support in CKEditor for the TYPO3 ecosystem - by Netresearch

611.1M8](/packages/netresearch-rte-ckeditor-image)[web-vision/wv_deepltranslate

DeepL Translate (CORE) - This extension provides option to translate content element, and TCA record texts to DeepL supported languages.

33304.3k](/packages/web-vision-wv-deepltranslate)[web-vision/deepltranslate-core

DeepL Translate (CORE) - This extension provides option to translate content element, and TCA record texts to DeepL supported languages.

33142.5k8](/packages/web-vision-deepltranslate-core)[wazum/sluggi

TYPO3 extension for URL slug management with inline editing, auto-sync, locking, access control, and redirects

40529.5k](/packages/wazum-sluggi)[lochmueller/staticfilecache

Transparent static file cache solution using mod\_rewrite and mod\_expires. Increase performance for static pages by a factor of 230!!

1271.4M4](/packages/lochmueller-staticfilecache)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
