Is it possible to implement a password meter using SoSciSurvey?

Question

Hello,

I wanted to ask if is it possible to implement a password meter in a survey on this platform?

My ultimate goal is to evaluate different password creation prompts, and for this I need to incorporate a password meter (the thing that informs the user how strong their password is depending on certain rules).

I saw that one can use HTML, PHP and JavaScript in the surveys but since I don't have enough experience with the platform I can't judge on my own if this is possible to create such a meter.

Can you please help me on the subject? Any additional tips will be of great help.

PS: I would need to store the password or at least some password safety score based on the strength of the password in the data set.

Thanks in advance.

Answer 1

Yes, you can embed JavaScript that will rate the password. SoSci Survey does this itself in the user account where you can change the password.

It depends, however, a lot on the algorithm that rates the passwort. For practical application, it's most important that the password is not listed in a public list of known passwords. "Have I been pwned" is the proper source for that,

But then, there are much more factors for how good a password is. And they depend on how some bad guy is attacking the password. In a brute force character based attack, the password "Ineverusegoodpasswords" would be quite strong, because it's long. If they use a dictionary-based brute force attack, it's weak, because it's made of (known) words.

So, before looking for the right JavaScript to rate the password, please work through some theory on good and bad passwords. With some luck, some of the reserachers provide you with the proper JavaScript then.