Secure, zero-dependency utilities for generating passwords, passphrases, pins, and more
Generate passwords using a cryptographically-strong source of randomness
Secure localStorage/sessionStorage data with high level of encryption and data compression
realistic password strength estimation
Material password strength meter to indicate how secure is the provided password
Security module - CVE fixes, input validation, path security
TypeScript definitions for secure-password
TypeScript definitions for secure-random-password
Create and verify cryptographically secure Time-based One-time Passwords (TOTP) using the HMAC-based One-time Password (HOTP) algorithm.
JSON parse with prototype poisoning protection
Secure your data exports - encrypt and password protect sensitive CSV and XLSX files
Memorable password generator for Node and browsers (async WebCrypto).
Making Password storage safer for all
A tiny (130B to 205B) and fast utility to randomize unique IDs of fixed length
FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript.
Produces secure passwords & keys for WebCrypto, SSH, PGP, SLIP10, OTP and many others
A tiny (230B) and fast UUID (v4) generator for Node and the browser
OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.
Inquirer password prompt
Simple utility to add a layer of protection to your websites, very useful for agencies and freelancers
simple persistent cookiejar system
```sh $ yarn add radix-ui # or $ npm install radix-ui ```
Node.js package for HTTP Basic Authentication password file utility.
```sh $ yarn add radix-ui # or $ npm install radix-ui ```
Adds configurable password policy enforcement to devise.
Adds configurable password policy enforcement to devise.
a gem for extend devise for more password security
The devise-twilio-verify gem extends the Devise authentication system to provide enhanced security through two-factor authentication (2FA). It integrates with the Twilio Verify API to send verification codes via SMS or TOTP (time-based one-time passwords). This gem simplifies adding 2FA to Devise-powered Rails applications, ensuring better protection for user accounts. For instructions on migrating from the legacy Authy API (devise-authy) to Twilio Verify, please refer to the README.
Password Breach Alert is a Devise extension that adds 1) server-side check of password strength before registration, using a list of common passwords, zxcvbn and haveibeenpwned; 2) a way to check users emails against recent verified security breaches, and implement different customized policies.
This Devise extension adds the ability for users to authenticate with one-time passwords, enabling a more secure session mechanism. When logging in, users will receive a unique one-time password that they can use to access the system. This password is valid for only one use, ensuring that each login is secure and that users cannot reuse an old password to access their account. This extension provides a simple and effective way to improve the security of your application and protect against password attacks.
Enigma is a lightweight Ruby gem designed to verify passwords hashed using Firebase's custom scrypt-based algorithm, making it ideal for seamless integrations and migrations involving Firebase authentication systems. It provides a secure, efficient way to compare a user-provided password against a stored hash without exposing sensitive details, ensuring constant-time comparisons to mitigate timing attacks. Key features include: - Full compatibility with Firebase Authentication's password hashing logic, combining scrypt with AES-256-CTR encryption for signing. - Configurable parameters for scrypt (rounds, memory cost), signer keys, and salt separators. - Secure practices using OpenSSL's fixed-length comparisons. - Support for custom logging, with easy integration into Rails or other frameworks. - Minimal dependencies, relying on the 'scrypt' gem alongside Ruby's standard library. A common use case is migrating users from Firebase to systems like Devise in Ruby on Rails. During migration, extract the user's base64-encoded salt and stored hash from Firebase, then use Enigma to verify the input password. If it matches, set the raw password in Devise to generate a new hash, avoiding forced resets and ensuring a smooth transition. Whether for custom auth systems, password audits, or hybrid setups, Enigma simplifies secure verification while prioritizing ease of use.