What are the criteria Boardmaker Online uses to determine if a password is strong enough?

January 14, 2019

Following the guidelines required by NIST SP 800-63B, the following requirements have been placed on passwords for Tobii Dynavox Single Sign On accounts.

  • 8 character minimum
  • Cannot be present on a list consisting of passwords from previous public security breaches, commonly used dictionary words and repetitive or sequential characters. An open source framework (zxcvbn) is used to score passwords based on these criteria.
  • Guidance is offered to the user, in the form of a strength meter & text explaining the reasoning for a password's rejection.

Using zxcvbn, passwords are scored as "Not Secure" or "Weak" if they use any of the following:
  • common dictionary words
  • common names and surnames
  • common dates
  • straight rows or short keyboard patterns
  • sequential characters like "aaa" or repeating characters like "abcabcabc"

Predictable substitutions, like '@' instead of 'a', or uppercase letters do not exclude a password from these restrictions.
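
A simplified sketch of the kinds of checks listed above, added here as an illustration; it is not zxcvbn and not Tobii Dynavox's code. The sample blocklist, the run length of 4, the "half the password" threshold and all function names are assumptions.

```javascript
// Added illustration only: simplified checks, not zxcvbn and not Tobii Dynavox's code.
// BLOCKLIST is a constructed sample; real lists hold breached passwords and dictionaries.
const BLOCKLIST = ["password", "letmein", "dragon", "michael", "sunshine"];
const LEET = { "@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "7": "t" };
const KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"];

// Lowercase and undo predictable substitutions so "P@ssw0rd" compares as "password".
function normalize(pw) {
  return pw.toLowerCase().replace(/[@40135$7]/g, (c) => LEET[c]);
}

// True if s has a run of `min` characters stepping by +1 or -1 ("abcd", "9876").
function hasSequence(s, min = 4) {
  let run = 1, dir = 0;
  for (let i = 1; i < s.length; i++) {
    const d = s.charCodeAt(i) - s.charCodeAt(i - 1);
    if (Math.abs(d) === 1) { run = d === dir ? run + 1 : 2; dir = d; }
    else { run = 1; dir = 0; }
    if (run >= min) return true;
  }
  return false;
}

// True if s contains `min` adjacent keys from one keyboard row, in either direction.
function hasKeyboardRun(s, min = 4) {
  return KEY_ROWS.some((row) => {
    const rev = [...row].reverse().join("");
    for (let i = 0; i + min <= row.length; i++) {
      if (s.includes(row.slice(i, i + min)) || s.includes(rev.slice(i, i + min))) return true;
    }
    return false;
  });
}

// Returns the list of rejection reasons; an empty list means no rule fired.
function checkPassword(pw) {
  const reasons = [];
  const lower = pw.toLowerCase();
  const norm = normalize(pw);
  if (pw.length < 8) reasons.push("shorter than 8 characters");
  // A listed word counts when it makes up at least half of the normalized password.
  if (BLOCKLIST.some((w) => norm.includes(w) && w.length * 2 >= norm.length))
    reasons.push("based on a common word or name");
  if (/(.)\1\1/.test(lower) || /^(.+?)\1+$/.test(lower)) reasons.push("repeated characters");
  if (hasSequence(lower)) reasons.push("sequential characters");
  if (hasKeyboardRun(lower)) reasons.push("keyboard pattern");
  return reasons;
}

for (const pw of ["P@ssw0rd", "abcabcabc", "qwerty12", "vivid-Otter-quilt-92"])
  console.log(pw, "->", checkPassword(pw).join("; ") || "no rule fired");
```

Because the blocklist lookup runs on the normalized form, "P@ssw0rd" and "PASSWORD" are rejected for the same reason as "password".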

References

  • NIST.SP.800-63b (Authentication and Lifecycle Management).pdf
  • zxcvbn: Low-Budget Password Strength Estimation. Daniel Lowe Wheeler, Dropbox Inc.