Resource icon

Password Tools 3.14.1

No permission to download

Author Xon
Creation date Oct 1, 2018
Tags

hibp limitations password zxcvbn

Overview FAQ Updates (33) Reviews (3) History Discussion

3.14.1 - Feature update

Yesterday at 6:59 PM

Require StandardLib v1.23.0+

Add Custom 2fa device trust lifetime option (default disabled)

Phrase to customize: svPasswordTools_trust_device_desc_x / svPasswordTools_trust_this_device_for_30_days_x
Only plural phrases, because why would you force 2fa to 1 day. That is horrible.

Reactions: Enes3078, Shuya and Mike Fara

3.13.1 - Maintenance update

Jan 5, 2026

Remove unused style properties

Reactions: TAIFUN and thumped

3.13.0 - Feature update

Dec 14, 2025

Require StandardLib v1.22.0+

Reduce pwnedpassword check HTTP request time-out from 2 seconds to 1 second as this blocks the login request, the request should only take a few 10s of milliseconds, so fail faster instead of waiting

Add password test page, this tests all the ways a password could fail including methods which aren't enabled

Reactions: TAIFUN and Shuya

3.12.2 - Bugfix update

Feb 24, 2025

Fix internal server error when registering an account without an email address (requires 3rd party addon to trigger)

Reactions: GameNet and TAIFUN

3.12.1 - Feature update

Feb 22, 2025

Fix server error when a password is very long

Add "Force two-step verification" permission

If enabled for a user, prevents email 2fa from being disabled

For new installs add a "User has compromised password" user-group, and update the "User-group for compromised passwords" option to use it

Align defaults with NIST Password Guidelines for 2024

Update "New password validation rules" defaults. "Prevent passwords which contain the user's email or username, and the site's domain/name" defaults to true

Update "Minimum password length" default to 15

Reactions: siONtI, TAIFUN, Mike Fara and 1 other person

3.11.1 - Feature update

Jul 25, 2024

php 8.4+ compatibility fixes

Rename option "Password check types" to "New password validation rules"

Add "On login; consider known-bad passwords as compromised" option (default false)

Add new password validation rule "Prevent passwords which contain the user's email or username, and the site's domain/name." (default false)

Reactions: TAIFUN, mcatze and GameNet

3.10.2 - Bugfix update

Jul 15, 2024

Fix javascript error for XF2.2

Reactions: TAIFUN

3.10.1 - Bugfix update

Jul 11, 2024

Fix javascript error when using XF2.3

Reactions: TAIFUN and GameNet

3.10.0 - XenForo 2.3 support

Jun 21, 2024

Require standardLib v1.20.0+

Restore XF2.1 support, note front-end Zxcvbn requires XF2.2+

Support XF2.3+

php 8.4+ compatibility

Reactions: TAIFUN and Joe Link

3.9.0 - Feature update

Dec 19, 2023

Add "Force password reset on compromised password" option

This option is likely overkill for most sites, and is not generally recommended

Reactions: TAIFUN

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Password Tools 3.14.1

We value your privacy