- Fix internal server error when registering an account without an email address (requires a third-party add-on to trigger)
- Fix server error when a password is very long
- Add "Force two-step verification" permission
  - When enabled for a user, prevents email 2FA from being disabled
- For new installs, add a "User has compromised password" user group, and update the "User-group for compromised passwords" option to use it
- Align defaults with the NIST password guidelines for 2024
  - Update "New password validation rules" defaults: "Prevent passwords which contain the user's email or username, and the site's domain/name" now defaults to true
  - Update "Minimum password length" default to 15
- Require standardLib v1.20.0+
- Restore XF2.1 support; note that front-end Zxcvbn requires XF2.2+
- Support XF2.3+
- PHP 8.4+ compatibility
- Add "Force password reset on compromised password" option
  - This option is likely overkill for most sites and is not generally recommended
- Fix changing the user entity while a write is pending (in some cases)
- Add "Use rejected password fragments in password meter" option (default disabled)
  - Takes rejected password fragments into consideration when showing the password strength meter to the user
  - Security note: this makes the full list of rejected password fragments visible to end users; ensure that there aren't any sensitive password fragments before enabling
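As an added illustration of the validation rules listed above (the 15-character minimum, rejecting passwords that contain the user's email/username or the site's domain/name, and a configured list of rejected fragments), here is a small Python model of the checks. It is example code written for this changelog, not the add-on's own PHP implementation; the `SiteContext` type, the `rejected_fragments` field, the 3-character floor on identity tokens and the sample values are all assumptions. The last function shows what an enabled "Use rejected password fragments in password meter" option implies: the fragment list has to be shipped to the browser, which is exactly the exposure the security note describes.

```python
"""Model of the password-policy checks described in the changelog.

Constructed example (not the add-on's code): minimum length 15, rejection of
passwords containing the user's email/username or the site's domain/name,
and a site-configured list of rejected password fragments.
"""
from dataclasses import dataclass

MIN_LENGTH = 15  # "Minimum password length" default from the changelog


@dataclass
class SiteContext:
    """Assumed container for site-level settings used by the checks."""
    site_name: str
    site_domain: str
    rejected_fragments: list  # assumed option: substrings no password may contain


def _identity_tokens(username: str, email: str, site: SiteContext) -> set:
    """Case-folded substrings derived from the user and site identity.

    Tokens shorter than 3 characters are dropped (an assumption of this
    example) so that a two-letter username does not reject every password.
    """
    local_part, _, _ = email.partition("@")
    tokens = {
        username,
        email,
        local_part,
        site.site_name,
        site.site_domain,
        site.site_domain.split(".")[0],  # bare label, e.g. "example"
    }
    return {t.casefold() for t in tokens if len(t) >= 3}


def validate_password(password: str, username: str, email: str,
                      site: SiteContext) -> list:
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    folded = password.casefold()
    for token in sorted(_identity_tokens(username, email, site)):
        if token in folded:
            problems.append(f"contains identity token {token!r}")
    for fragment in site.rejected_fragments:
        if fragment.casefold() in folded:
            problems.append(f"contains rejected fragment {fragment!r}")
    return problems


def meter_config_for_browser(site: SiteContext, use_fragments: bool) -> dict:
    """Data the front-end strength meter would receive.

    With the option enabled the whole rejected-fragment list leaves the server,
    so anything sensitive in it becomes readable by every visitor.
    """
    return {
        "minLength": MIN_LENGTH,
        "rejectedFragments": list(site.rejected_fragments) if use_fragments else [],
    }


if __name__ == "__main__":
    # Constructed sample site and user; not real data.
    demo_site = SiteContext("Example Forum", "example.com", ["letmein", "password"])
    for candidate in ("correct horse battery staple", "alice2024!!!!!!", "short"):
        print(candidate, "->", validate_password(candidate, "alice", "alice@mail.test", demo_site) or "ok")
    print(meter_config_for_browser(demo_site, use_fragments=True))
```

The identity check is deliberately case-insensitive and substring-based: "Alice" inside "MyAlicePassword1" is rejected just as the lowercase form would be, which is the behaviour the "contains the user's email or username" rule implies.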