Resource icon

Password Tools 3.11.1

No permission to download

Author Xon
Creation date Oct 1, 2018
Tags

hibp limitations password zxcvbn

Overview FAQ Updates (28) Reviews (3) History Discussion

3.11.1 - Feature update

Thursday at 12:25 AM

php 8.4+ compatibility fixes

Rename option "Password check types" to "New password validation rules"

Add "On login; consider known-bad passwords as compromised" option (default false)

Add new password validation rule "Prevent passwords which contain the user's email or username, and the site's domain/name." (default false)

Reactions: mcatze and GameNet

3.10.2 - Bugfix update

Jul 15, 2024

Fix javascript error for XF2.2

3.10.1 - Bugfix update

Jul 11, 2024

Fix javascript error when using XF2.3

Reactions: GameNet

3.10.0 - XenForo 2.3 support

Jun 21, 2024

Require standardLib v1.20.0+

Restore XF2.1 support, note front-end Zxcvbn requires XF2.2+

Support XF2.3+

php 8.4+ compatibility

Reactions: Joe Link

3.9.0 - Feature update

Dec 19, 2023

Add "Force password reset on compromised password" option

This option is likely overkill for most sites, and is not generally recommended

3.8.2 - Bugfix & Maintenance update

Oct 5, 2023

Thanks to @NamePros for this update.

Fix changing user entity while a write is pending in some cases

Add "Use rejected password fragments in password meter" option (default disabled).
Take rejected password fragments into consideration when showing the password strength meter to the user.
Security note: this makes the full list of rejected password fragments visible to end users; ensure that there aren't any sensitive password fragments before enabling.

3.8.0 - Feature update

Sep 30, 2023

This add-on is now avaliable on atelieraphelion.com

Require StandardLib v1.18.0+

Add new "User-group for compromised passwords" option, which adds uses to the selected user-group when it is detected they have a compromised password on login.
Defaults to disabled. Useful for targeting with notices

3.7.5 - Bugfix update

Jan 19, 2023

Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours

Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised

Rename various options to be better searchable

Adjust various option defaults to be more robust.

'Minimum password length' from 8 => 10 characters

'Minimum password strength' from 'very weak' to 'weak'

'Pwned password minimum count (soft)' from 1 to 0

'Pwned password minimum count (hard)' from 2 to 1

'Pwned password cache time' from 7 to 3 days

Reactions: vwts, thumped, Joe Link and 1 other person

3.7.4 - Bugfix update

Jul 19, 2022

Fix password checks could incorrectly apply when resetting a user's password

Reactions: unmöglichefirmen, eva2000 and vwts

3.7.3 - Bugfix update

Jun 13, 2022

Improve detection of admin/automated edits for the "Enforce password complexity for admins" feature.

Reactions: eva2000 and otto

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Password Tools 3.11.1

We value your privacy