GSoC 2026 Proposal Draft – Idea 7: Password Strength Indicator – VinayReddy765

Links
Project Idea:
https://github.com/joplin/gsoc/blob/master/ideas.md

GitHub profile:
https://github.com/Vinayreddy765

Forum Introduction Post:
https://discourse.joplinapp.org/t/introducing-vinayreddy/48835

Pull requests submitted to Joplin:
PR #14566 – Desktop: Show feedback message when master passwords do not match
PR #14638 – Desktop: Fix context menu missing cut/copy when selecting resource links in markdown editor
PR #14665 – Desktop: Ensure re-enter password field appears when changing master password
PR #14662 – Desktop: Prevent enabling encryption when master password is not set
PR #14724 – Desktop: Resolves #14717: Improve clarity of master password warning

1. Introduction

My name is Vinay Reddy and I am currently pursuing a Bachelor of Engineering in Information Science and Engineering at Global Academy of Technology, Bengaluru, India (expected graduation: 2027).

I have experience with TypeScript, React, and modern JavaScript tooling. Recently I started contributing to the Joplin codebase and became familiar with the encryption settings UI while working on improvements to the master password dialog.

Through these contributions I became interested in improving the security usability of Joplin's master password workflow.

2. Project Summary

This project proposes adding a password strength indicator to the Joplin master password dialog.

Currently users receive no feedback about password strength when creating or changing their master password. Weak passwords may therefore be chosen unknowingly.

The goal is to provide real-time feedback while the user types, helping users create stronger passwords without enforcing strict requirements.

Expected outcome:

• Visual password strength indicator
• Strength label (Very Weak → Very Strong)
• Suggestions for improving password quality
• Fully local evaluation using the zxcvbn algorithm

3. Technical Approach

The feature will be implemented using a reusable React component integrated into the existing MasterPasswordDialog.

Main components:

PasswordStrengthIndicator
Displays the strength bar, label, and suggestions.

passwordStrengthUtils
Wrapper utility around the zxcvbn library.

Integration with MasterPasswordDialog
Evaluate password strength whenever the password input changes.

Technologies used:

• TypeScript
• React
• @zxcvbn-ts/core

The password evaluation occurs entirely locally and does not transmit or store password data.

4. Implementation Plan

Community Bonding
Study the existing encryption settings UI and discuss the implementation approach with mentors.

Week 1
Integrate @zxcvbn-ts/core and implement password strength utility functions.

Week 2
Implement PasswordStrengthIndicator React component.

Week 3
Integrate component into MasterPasswordDialog and ensure consistent UI behavior.

Week 4
Write unit tests, optimize performance, and complete documentation.

5. Deliverables

At the end of the project:

• Password strength indicator integrated into Joplin's master password dialog
• Unit tests for strength evaluation and UI components
• Documentation for the feature
• Clean and maintainable React component structure


6. Availability

I will be available approximately 30–35 hours per week during the GSoC coding period.

Time zone:
IST (UTC +5:30)

I currently have no conflicting commitments during the coding period.

Full Proposal

Full proposal document:
GSoC 2026 Proposal – Idea 7: Password Strength Indicator

I would appreciate feedback from mentors and contributors regarding the design and implementation approach.

Thanks for your proposal. Do you feel that it's indeed a 90 hours project?

Thank you for pointing this out.

I agree that the basic implementation of a password strength indicator alone could be relatively small for a 90-hour project. My initial proposal focused mainly on the core feature, but the scope can reasonably be expanded to add more value to Joplin.

In particular, the project could also include:

• Designing the PasswordStrengthIndicator as a reusable component rather than limiting it only to the master password dialog
• Improving the overall password UX in MasterPasswordDialog by combining strength feedback, password match feedback, and clear security suggestions
• Adding accessibility improvements (ARIA attributes and screen-reader friendly feedback) so that strength changes are properly announced
• Providing stronger test coverage for the strength evaluation logic and UI component behavior
• Testing and verifying the feature across supported desktop platforms (Windows, macOS, and Linux) to ensure consistent behavior.

These additions would turn the feature into a more complete security-UX improvement rather than only a visual indicator.

If you feel the scope should be adjusted further, I would be happy to refine the proposal accordingly.

Out of interest, how reusable would this be? You mention making alterations to MasterPasswordDialog (handling the e2ee side of things) but as you will have seen in the project ideas we also have a project for local note/notebook encryption which could probably re-use some of this code and UI etc. (not saying for during GSoC but certainly afterwards if both projects are implemented).

That’s a good point. My intention is to design the password strength indicator as a reusable component rather than tying it directly to MasterPasswordDialog.

The strength evaluation logic would live in a small utility wrapper around zxcvbn, and the UI would be implemented as a generic PasswordStrengthIndicator React component that receives the password value as a prop.

MasterPasswordDialog would only pass the password input to this component and display the feedback. Because of this separation, the same component could later be reused in other dialogs that require password input, including potential features like local note or notebook encryption.

The goal is to keep the strength evaluation and UI logic independent so it can be reused wherever password input is required in the application.
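The separation described above (an evaluation wrapper that a prop-driven component can call from any dialog), as an added example that is not part of the posts or the Joplin code base. All names are hypothetical; the estimator is injected and a constructed stand-in replaces @zxcvbn-ts/core so the block runs offline, and the three middle labels and the 256-character cap are assumptions.

```typescript
// Added example, not Joplin code; every name here is hypothetical.
type Estimate = { score: number; warning?: string | null; suggestions: string[] };
// Injected so any dialog can reuse the wrapper. In the app this would be backed
// by @zxcvbn-ts/core; below, a constructed stand-in is used instead.
type Estimator = (password: string, userInputs: string[]) => Estimate;

interface StrengthView {
  score: number | null; // null: nothing typed yet, render no bar
  label: string;
  barFraction: number; // 0..1 width of the strength bar
  suggestions: string[];
}

// The two end labels come from the proposal; the three middle ones are assumed.
const LABELS = ['Very Weak', 'Weak', 'Fair', 'Strong', 'Very Strong'];
const MAX_EVALUATED_LENGTH = 256; // assumed cap to bound per-keystroke work

// Pure function: the password is never stored, logged or put in the result.
function evaluatePassword(password: string, estimate: Estimator, userInputs: string[] = []): StrengthView {
  if (password.length === 0) return { score: null, label: '', barFraction: 0, suggestions: [] };
  const result = estimate(password.slice(0, MAX_EVALUATED_LENGTH), userInputs);
  // Clamp so an out-of-range or NaN score cannot index outside LABELS.
  const score = Math.min(4, Math.max(0, Math.round(result.score) || 0));
  const hints = [result.warning || '', ...result.suggestions].filter(h => h !== '');
  return {
    score,
    label: LABELS[score],
    barFraction: (score + 1) / 5,
    suggestions: hints.filter((h, i) => hints.indexOf(h) === i).slice(0, 3),
  };
}

// Text for an aria-live region, emitted only when the label changes so a
// screen reader is not interrupted on every keystroke.
function announcementFor(prev: StrengthView | null, next: StrengthView): string | null {
  if (next.score === null || (prev !== null && prev.label === next.label)) return null;
  return `Password strength: ${next.label}`;
}

// Constructed stand-in estimator for this example only (NOT zxcvbn).
const demoEstimator: Estimator = (password, userInputs) => {
  const lower = password.toLowerCase();
  if (userInputs.some(u => u !== '' && lower.indexOf(u.toLowerCase()) !== -1)) {
    return { score: 0, warning: 'Contains a word tied to you', suggestions: ['Avoid names and app-related words'] };
  }
  const score = Math.floor(password.length / 5);
  return { score, warning: null, suggestions: score < 3 ? ['Add more words'] : [] };
};
```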

Hello,

Thank you for your draft proposal. Unfortunately we had to remove the idea from the list as described here: https://github.com/joplin/gsoc/pull/16

Please consider creating a new draft proposal based on a different idea or on your own idea.

Thank you for the update. I have previously contributed to Joplin with PRs #14566, #14638, and #14665.

Based on the discussion and timeline, I plan to submit a proposal for Idea 5 — Auto-label images using AI. I believe this feature could improve accessibility and searchability of notes by automatically generating meaningful alt text for images.

I'll explore the resource handling in the codebase and start working on a small proof-of-concept. I'll share a proposal draft on the forum soon for feedback.