| Drupal

How to Set Up a Drupal Workflow in cPanel with Git

One of the problems in Drupal core "out of the box" is that you can pretty much use anything you want for a password.  And while your business might have a policy against weak passwords if Drupal doesn't enforce them, well, you know how people are. I get this question in training all the time, "How can we make users have strong passwords?" 

In this video, I want to talk about forcing strong passwords in Drupal 8 and 9. The solution is the Better Passwords module.

Keep reading to learn!

Hi and welcome to OSTips from OSTraining. My name is Rod Martin.

The Better Passwords module requires the installation of the zxcvn-php library, but if you install it with Composer, Composer will take care of that for you.  Here's the Composer command given in the directions right below, so that's really handy.

strong Passwords in Drupal 9 

  • install using the Composer command
  • click Configure link

strong Passwords in Drupal 9That takes you to Config >> People and passwords where you can set up:

  1. the minimum passphrase length
  2. how strong you want the passphrase to be (strongest/ strong/ moderate/ weak/ don't check)
  3. whether to allow Auto-generate passwords for new users when added by administrators

Auto-generate is a really nice feature, and for most business Drupal sites, this is exactly how their users get added.

 strong Passwords for Drupal 9

  • head over to People
  • click + Add user button

You'll see that the auto-generate password is checked for me.

If I click Create new account on a real site, that password would have been sent to the user.

strong Passwords in Drupal 9

What does it look like when we don't do that? Let's add another user and find out.

I'm going to

  1. uncheck auto-generate password
  2. put in a terrible password so the strength is weak even though they match

Now, If we try and create that password, it's going to tell us that it needs to be at least 8 characters long.  Let's try that again with a different password that is at least 8 characters long. And that says Fair, but that I've used the word "Admin" three times.  It's going say, "Sorry that's repetitive. It's not strong enough. 


Now let's type in a good password: at least 8 characters long with no repitition.  We get a password strength of Strong. We even get the strength indicator in the Confirmation dialog.

strong Passwords for Drupal 9

All right, so that was actually pretty simple. Thanks for joining us today. My name is Rod Martin, and this has been OSTips from OSTraining.

About the author

Rod holds two masters degrees and has been training people how to do "things" for over 25 years. Originally from Australia, he grew up in Canada and now resides just outside Cincinnati, Ohio.