{"id":16308800,"url":"https://github.com/dgl/go-good-password","last_synced_at":"2025-04-13T03:15:12.784Z","repository":{"id":57624991,"uuid":"204878166","full_name":"dgl/go-good-password","owner":"dgl","description":"Password strength checker for Go","archived":false,"fork":false,"pushed_at":"2019-11-25T08:51:19.000Z","size":7,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-13T03:15:08.943Z","etag":null,"topics":["golang","password","password-strength"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-28T07:54:07.000Z","updated_at":"2019-11-25T08:51:20.000Z","dependencies_parsed_at":"2022-09-16T19:21:26.387Z","dependency_job_id":null,"html_url":"https://github.com/dgl/go-good-password","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2Fgo-good-password","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2Fgo-good-password/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2Fgo-good-password/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dgl%2Fgo-good-password/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dgl","download_url":"https://codeload.github.com/dgl/go-good-password/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248657919,"owners_count":21140846,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","password","password-strength"],"created_at":"2024-10-10T21:18:46.061Z","updated_at":"2025-04-13T03:15:12.763Z","avatar_url":"https://github.com/dgl.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go password checker\n\nA simple library to check how strong a password is.\n\n## Do you need this?\n\nThis aims to strike a balance between very strict password policies and provide\na simple idea of how strong it is.\n\nPlease if you haven't read the recommendations from NIST read:\nhttps://pages.nist.gov/800-63-3/sp800-63b.html#memsecret\n\nThey boil down to require 8 characters at minimum and it is recommended to block\ndisclosed passwords. This library will return a very low score for passwords\nless than 8 characters (including unicode characters).\n\nThis is partly aiming to be lightweight -- if you're running a web service you\nmay wish to consider \"zxcvbn\" which covers many more things. (And ideally give\nrealtime feedback via JavaScript, my initial use case for this was a CLI\nutility).\n\n## Implementing\n\n    import \"github.com/dgl/go-good-password\"\n\nThen to use it:\n\n    // Put common words here, both from user's name, email and your service's name.\n    extra := good_password.ExtractWords(user, email, \"your-service-name\")\n\n    score, info := good_password.Check(password, extra)\n\n    if score \u003c 1 {\n      // Don't allow passwords with really common words or such.\n      fmt.Printf(\"%v password, pick a better one (%v)\\n\", score, info)\n      return\n    }\n\n    // Otherwise guilt the user into picking a better password, maybe, but let\n    // them do whatever. (Also you could show them info, but be careful about\n    // logging it.)\n    fmt.Printf(\"%v password!\\n\", score)\n\n## Details\n\nScore is an integer, an 8 character password with lowercase letters will score 1\n(aka \"terrible\"), unless it has common words, repeats, patterns or sequences.\nIncreasing the length and using multiple types of character will increase the\nscore. The `info` returned will explain what was positive or negative about the\npassword (see API docs).\n\nTo meet the NIST recommendations above simply block a score less than one. For\nmore strict password requirements you can require higher scores.\n\nExamples of scores:\n\n* 1 _(\"terrible\")_: \"something\" (one type)\n* 2 _(\"weak\")_: \"somethin1\", \"somethingnew\" (two types)\n* 3 _(\"okay\")_: \"Somethin1\", \"somethinglonger\" (three types)\n* 4 _(\"good\")_: \"Someth!n1\", \"somethingmuchlonger\" (four types)\n* \\\u003e=5 (\"strong\"): \"Someth!n10\", \"correct horse battery staple\" (five types)\n\nIt's also possible to score more by having a longer password. This means\nxkcd.com/936 passwords are allowed with a score of at least 4 (provided they are\n16 characters or more).\n\nI suggest not requiring a score of more than 4 except in very specific cases\n(this allows the length of the password alone to be enough and therefore doesn't\nimpose arbitrary rules on the user).\n\n### Unicode\n\nThis library correctly handles unicode for lengths of passwords. It does not\nperform normalisation on the password. This is your responsibility, see\nhttps://blog.golang.org/normalization.\n\nIt may be as simple as:\n\n    storePassword := norm.NFKC.String(password)\n\n## Other implementations\n\n- https://github.com/nbutton23/zxcvbn-go -- for my case it was too big (about\n  1MB added to binary).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdgl%2Fgo-good-password","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdgl%2Fgo-good-password","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdgl%2Fgo-good-password/lists"}