AMT Blog

Complexify – A jQuery Plugin for Analyzing Password Strength

Complexify is a free and useful jQuery plugin which lets you accurately gauge the quality of a user's password, give them visual feedback, and enforce a minimum level of security.

Many websites give an indicator of how secure a password is, and require a minimum standard of security. However, this is always poorly implemented, with rules such as 'must contain a number' even if the password is 30 characters long and clearly very secure. Often the only requirement is a minimum number of characters, a very poor indicator of password strength.

Complexify calculates a rating for the password based on how difficult it would be to brute-force it. What does this actually mean?

  • If I have an 8 character password that only uses lower case characters, it's not good enough and I will need to make it better.
  • But if I have a 25 character password that happens to not have a number in it, I am not going to be forced to add one.

Complexify's default settings will enforce a level of complexity that would mean brute-forcing should take ~600 years on a commodity desktop machine. The 'perfect' password used to scale the complexity percentage would take 3x10^33 years.
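To make the brute-force rating concrete, here is an added example (not Complexify's own code) that rates a password by the size of the search space an attacker would have to cover: the alphabet is the sum of the character classes actually used, the cost is alphabet size to the power of the length, and the result is compared against the ~600-year minimum and the 3x10^33-year 'perfect' baseline from the post. The guess rate of one billion per second and the 33-symbol punctuation class are assumptions.

```javascript
// Added example (not Complexify's own code): rate a password by the size of
// the search space a brute-force attacker would have to cover. The guess rate
// and the "perfect" baseline are assumptions chosen to mirror the post.

const CHARSETS = [
  { re: /[a-z]/, size: 26 },          // lower case
  { re: /[A-Z]/, size: 26 },          // upper case
  { re: /[0-9]/, size: 10 },          // digits
  { re: /[^A-Za-z0-9]/, size: 33 },   // printable ASCII punctuation and space (assumed)
];

// Alphabet size: sum of the sizes of every character class actually present.
function alphabetSize(password) {
  return CHARSETS.reduce((n, cs) => (cs.re.test(password) ? n + cs.size : n), 0);
}

// log2 of the number of candidates an exhaustive search must consider.
function searchSpaceBits(password) {
  const size = alphabetSize(password);
  return size === 0 ? 0 : password.length * Math.log2(size);
}

const GUESSES_PER_SECOND = 1e9;           // assumed commodity desktop rate
const SECONDS_PER_YEAR = 365.25 * 86400;

// Expected years to find the password, assuming half the space is searched.
function yearsToBruteForce(password) {
  const bits = searchSpaceBits(password);
  if (bits === 0) return 0;
  return Math.pow(2, bits - 1) / GUESSES_PER_SECOND / SECONDS_PER_YEAR;
}

// Percentage of the way to a "perfect" password, scaled so that the post's
// 3x10^33-year password scores 100%.
const PERFECT_YEARS = 3e33;
function complexityPercent(password) {
  const bits = searchSpaceBits(password);
  if (bits === 0) return 0;
  const perfectBits =
    Math.log2(PERFECT_YEARS * SECONDS_PER_YEAR * GUESSES_PER_SECOND) + 1;
  return Math.min(100, (bits / perfectBits) * 100);
}

// Enforce the post's default: brute force must take at least ~600 years.
function meetsMinimum(password, minYears = 600) {
  return yearsToBruteForce(password) >= minYears;
}

// Usage: an 8-character lower-case password is rejected, while a long
// passphrase with no digit at all passes comfortably.
console.log(meetsMinimum("password"), yearsToBruteForce("password"));
console.log(meetsMinimum("correct horse battery staple"));
```

Note that this measures only the keyspace, which is the post's stated approach; a dictionary word still scores as if it were random characters, so a deployment that cares about guessability should combine such a rating with a dictionary or breach-list check.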


Filed under: Open Source Security jQuery

How To Prevent Server-Side JavaScript Injection

Brian Sullivan talks about how backend vulnerabilities are exploited with techniques learned from attacking JavaScript frontends. Here he discusses security vulnerabilities that can arise when software developers create applications or modules used with JavaScript-based server applications such as NoSQL database engines or Node.js web servers. Brian explains how an attacker may take full control of the server by exploiting these vulnerabilities through uploading and executing arbitrary files on the server machine.

Brian concludes the paper with defenses against SSJS injection which are similar to SQL injection defenses:

  • Avoid creating "ad-hoc" JavaScript commands by concatenating script with user input.
  • Always validate user input used in SSJS commands with regular expressions.
  • Avoid use of the JavaScript eval command, especially when parsing JSON input; use a safer alternative such as JSON.parse instead.
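The following is an added example, not code from Sullivan's paper, showing what those three defenses look like in a Node.js-style request handler: the body is parsed with JSON.parse rather than eval, the one field that reaches a server-side command is checked against a whitelist regular expression, and the command is built as a data structure rather than a concatenated script string. The field name, the username format and the query shape are assumptions for illustration.

```javascript
// Added example (not from Sullivan's paper): a request handler that applies
// the three SSJS injection defenses. Field names and the username format are
// assumptions for illustration.

// Unsafe: eval runs whatever JavaScript the client sends, not just JSON data.
function parseBodyUnsafe(body) {
  return eval("(" + body + ")");
}

// Safe: JSON.parse accepts only JSON and throws a SyntaxError on anything else.
function parseBodySafe(body) {
  return JSON.parse(body);
}

// Whitelist pattern for the one field we forward to a server-side command.
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/;

function extractUsername(parsed) {
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    throw new TypeError("body must be a JSON object");
  }
  const name = parsed.username;
  if (typeof name !== "string" || !USERNAME_RE.test(name)) {
    throw new Error("username fails validation");
  }
  return name;
}

// Build the lookup as data, never as a concatenated script string.
function buildQuery(username) {
  return { collection: "users", filter: { username: username } };
}

// Returns { ok: true, query } or { ok: false, error: <exception name> }.
function handleRequest(body) {
  try {
    const parsed = parseBodySafe(body);
    const username = extractUsername(parsed);
    return { ok: true, query: buildQuery(username) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Shows the difference between the two parsers on a body that is not JSON:
// eval evaluates it as code, JSON.parse rejects it.
function evalVersusJsonParse(body) {
  let evalResult, safeError;
  try { evalResult = parseBodyUnsafe(body); } catch (e) { evalResult = e.name; }
  try { parseBodySafe(body); safeError = null; } catch (e) { safeError = e.name; }
  return { evalResult, safeError };
}

// Usage with constructed request bodies.
console.log(handleRequest('{"username":"alice"}'));
console.log(handleRequest('1+1'));
console.log(evalVersusJsonParse('1+1'));
```

The point of the last function is the detection angle: a body that parses under eval but fails under JSON.parse is, by definition, not JSON, and a handler that logs such SyntaxErrors gets a cheap signal that someone is sending code where data was expected.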

Download: BH_US_11_Sullivan_Server_Side_WP.pdf (135 KB)

BrowserID – A secure authentication solution by Mozilla

BrowserID aims to provide a safe and sound way of proving your identity to servers across the web, without having to create separate usernames and passwords each time.

Instead of a new username, it uses your email address as your identity, which allows it to be decentralized since anyone can send you an email verification message. It's currently implemented via JavaScript, but hopefully it will be built into the browser in the future.
