PHPackages dhensby/silverstripe-zxcvbn - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. dhensby/silverstripe-zxcvbn ActiveSilverstripe-vendormodule[Validation & Sanitization](/categories/validation) dhensby/silverstripe-zxcvbn =========================== Realistic SilverStripe password strength validator based on Zxcvbn PHP v0.2.0(7y ago)27882BSD-3-ClausePHPPHP ^5.6 || ^7.0 Since Jul 14Pushed 7y ago1 watchersCompare [ Source](https://github.com/dhensby/silverstripe-zxcvbn)[ Packagist](https://packagist.org/packages/dhensby/silverstripe-zxcvbn)[ RSS](/packages/dhensby-silverstripe-zxcvbn/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (6)Used By (0) zxcvbn Password Validator ========================= [](#zxcvbn-password-validator) This is a drop-in replacement for the core `SilverStripe\Security\PasswordValidator` class. This module implements [`bjeavons/zxcvbn-php`](https://github.com/bjeavons/zxcvbn-php) which provides a more realistic measure of password strength (or, rather, vulnerability). Installation ------------ [](#installation) Install with [`composer`](https://getcomposer.org/): ``` composer require dhensby/silverstripe-zxcvbn ``` Usage ----- [](#usage) This module automatically registers its validator against `Injector` meaning any existing instantiations of `SilverStripe\Security\PasswordValidator` (using the `Injector` factory) will automatically be replaced with this validator. Most new SilverStripe applications come with a `PasswordValidator` already registered, if that's the case you'll likely need to make this change: In your `_config.php`: ``` use SilverStripe\Security\PasswordValidator; use SilverStripe\Security\Member; -$validator = new PasswordValidator(); +$validator = PasswordValidator::create(); +$validator->setMinTestScore(3); $validator->setMinLength(8); $validator->setHistoricCount(6); Member::set_password_validator($validator); ``` The existing rules for minimum length and historical password count still exist and will work as expected but note that a password with a short length will do well to reach a score of 3 and a short password of score 3 is going to be better than a longer password of score 2. If you don't have any existing configuration you can set the validator up with the help of `Injector` and no PHP code is needed (SS 4.2+): ``` SilverStripe\Security\PasswordValidator: min_test_score: 3 ``` Or: ``` SilverStripe\Core\Injector\Injector: SilverStripe\Security\PasswordValidator: properties: MinTestScore: 3 ``` Guidance -------- [](#guidance) Passwords will be given a score by the validator; that score can range from 0 - 4, with 0 being the worst and 4 the best. In reality a score of 3 is going to be acceptable on most sites; enforcing a score of 4 will become very frustrating for most users. ### Health Score 27 — LowBetter than 49% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity18 Limited adoption so far Community11 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 77.8% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~83 days Total 4 Last Release 2609d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/563596?v=4)[Daniel Hensby](/maintainers/dhensby)[@dhensby](https://github.com/dhensby) --- Top Contributors [![dhensby](https://avatars.githubusercontent.com/u/563596?v=4)](https://github.com/dhensby "dhensby (7 commits)")[![TheBnl](https://avatars.githubusercontent.com/u/1334195?v=4)](https://github.com/TheBnl "TheBnl (2 commits)") --- Tags validatorsecuritypasswordsilverstripezxcvbn ### Embed Badge ![Health badge](/badges/dhensby-silverstripe-zxcvbn/health.svg) ``` [![Health](https://phpackages.com/badges/dhensby-silverstripe-zxcvbn/health.svg)](https://phpackages.com/packages/dhensby-silverstripe-zxcvbn) ``` ### Alternatives [rollerworks/password-strength-validator Password-strength validator for Symfony 1455.7M6](/packages/rollerworks-password-strength-validator)[olssonm/l5-zxcvbn Implementation of the zxcvbn project by @dropbox for Laravel. Uses zxcvbn-php by @bjeavons. 28311.1k1](/packages/olssonm-l5-zxcvbn)[rebelinblue/laravel-zxcvbn Service provider to use the zxcvbn project by @dropbox in Laravel 5.4 and above 1160.4k](/packages/rebelinblue-laravel-zxcvbn) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)