Password strength indicator-draft proposal

GSoC GSoC Proposal Drafts
1

Hi everyone! I'm Dipok Dutta, a Computer Science undergraduate, India. I'd like to express my interest in Project #8 — Password Strength Indicator for GSoC 2026.

My proposed approach:

  • Integrate zxcvbn-ts (@zxcvbn-ts/core) for password evaluation — far more accurate than simple character-counting rules because it models real attacker behaviour, checking against dictionaries of common passwords, keyboard walks, names, and date patterns

  • Build a reusable PasswordStrengthIndicator react component in TypeScript that accepts the current password as a prop and renders entirely client-side — no network calls, no data sent anywhere

  • Display a 4-segment colur bar (Weak / Fair / Good / Strong) that updates in real time as the user types, debounced at 150ms

  • Show a human-readable crack-time estimate from zxcvbn, e.g. "estimated crack time: 3 hours" vs "centuries" — concrete and motivating

  • Show up to 2 actionable improvement suggestions from zxcvbn's feedback (e.g "avoid sequences like abc") — hidden once the password reaches Good or Strong to keep the UI clean

  • Use both colour and text labels on the bar so colour-blind users get the same information — WCAG 2.1 AA compliant

  • Integrate into EncryptionConfigScreen (the primary master password screen in packages/app-desktop) and any equivalent mobile screens for consistency

  • Write unit tests for the strength logic and React component tests using Jest + React Testing Library

What I will do more time remains:

  • Enforce a minimum strength — suggestions are always advisory, never blocking

  • Touch any encryption or key derivation logic

  • Add a password generator (possible future work)

Questions for the mentors (PackElend, Laurent):

  1. Are there other password input screens beyond EncryptionConfigScreen I should cover — for example in the mobile app or the web clipper?

  2. Is there a preferred way to add new npm dependencies in the Joplin desktop package — any bundle size constraints I should be aware of?

if anything else, you liked to point out please tell me , i will work through some iterations more.

2

Hello, we've recently updated the template for GSoC draft proposals. Please update your post as described here:

3

Hello,

Thank you for your draft proposal. Unfortunately we had to remove the idea from the list as described here: https://github.com/joplin/gsoc/pull/16

Please consider creating a new draft proposal based on a different idea or on your own idea.