Since version 12.162.284 you can see the strength of passwords. This is valid for all the passwords in the system: shared passwords, including passwords in custom fields, and personal passwords. This document explains everything related to password strength in Team Password Manager.
Strength values
Depending on the composition of the password (characters, length), we define its strength using four values, from the weakest to the strongest: very weak (1), weak (2), good (3) and strong (4).
These values are always shown this way at the right hand side of a password:
On the password screens (see next section) we also show the estimated time to crack the password, for example: [time to crack: 3 years].
For the curious, we use the zxcvbn-php library (https://github.com/bjeavons/zxcvbn-php), to calculate the strength values.
Where strength is shown
Team Password Manager shows the strength of passwords in the following places:
• Lists: shared passwords list, project and personal passwords:
• Password screen: where the strength of the custom fields of type password and the time to crack is also shown:
• When editing a password: in this case, the strength and time to crack are dynamically calculated as you enter the password:
Enabling password strength
Password strength is already enabled for new installations. However, if you're upgrading from a previous version of Team Password Manager, you'll need to enable it. Enabling password strength executes a process that calculates the strength of all the passwords in the system. Once this process has completed, password strength is enabled.
To enable password strength, go to "Settings" (in the top menu), then select "Password strength" in the left sidebar. You need to be Admin or IT to be able to do this.
Click the "Enable password strength" button and then confirm in the next step. The strength calculation process will begin:
Once the process finishes, password strength is enabled. If you want to stop the process or if you close the screen, you can resume the process from where it stopped following the same steps.
Search strength operator
We've introduced a new operator to search for passwords with a specific strength. This operator is called strength, and can be used in regular lists, inside a project and in personal passwords lists. For example:
strength:weak
This will return all the password entries that have weak passwords (including passwords in custom fields).
You can use the following values with the strength operator: very_weak, weak, good, strong. You can also use numerical values from 1 (very weak) to 4 (strong), and a special value called not_strong that returns all the passwords that are not strong (very weak, weak or good).
This operator is also documented in the Advanced search operators document.
Document changelog
| Jul 4, 2024: | Document created |
