Password complexity gems

Hey all,

A team of mine is adding a password complexity gem to a codebase of ours. Based on security advice, we’ve originally settled upon zxcvbn. However, as I’ve started to look into the gem itself it seems that it was started at Dropbox and that forward development has ceased. There are a number of forks but I believe zxcvbn now refers to one of the lesser used variants as opposed to say, zxcvbn-ruby.

I just wanted to ask if there is any concensus by the community on which one has a future and which one should actually be used? Or, if the concensus is to avoid zxcvbn altogether, what the best replacement would be?


1 Like