Project 8 - Password Strength Indicator

Meta
1

Personal Information

Name: Arjit Singh
Education: B.Tech Computer Science (AI/ML specialization, Data Analytics minor), Amity University Gurugram, India
Background: Completed Harvard CS50, currently pursuing CS50 Web. Hands‑on experience with Python, C, and modern web frameworks (React, Django, Flask). I’ve applied these skills in hackathons and coursework, focusing on usability, modular design, and security.
Motivation: I am passionate about privacy‑focused applications and open‑source collaboration. Joplin’s mission resonates with me, and I want to contribute features that empower users to secure their data more effectively.

Synopsis

This project aims to implement a Password Strength Indicator in Joplin’s desktop and mobile applications. The feature will provide real‑time feedback to users when setting their master password, helping them choose stronger, more secure passwords without enforcing restrictions.

Benefits to Joplin

  • Improves user security awareness by showing password strength and crack‑time estimates.

  • Enhances user experience with actionable suggestions and accessible UI.

  • Aligns with Joplin’s mission of privacy and data protection.

  • Provides consistency across desktop and mobile platforms.

Deliverables

  • A reusable PasswordStrengthIndicator React component in TypeScript.

  • Integration into EncryptionConfigScreen (desktop) and equivalent mobile screens.

  • Real‑time strength bar (Weak / Fair / Good / Strong) with text + color labels.

  • Crack‑time estimates and improvement suggestions from zxcvbn-ts.

  • Unit tests and React component tests (Jest + React Testing Library).

  • Documentation for developers on usage and integration.

Technical Details

  • Library: Integrate @zxcvbn-ts/core for password evaluation.

  • UI: 4‑segment bar with WCAG 2.1 AA compliance (color + text labels).

  • Performance: Debounced updates (150ms) for smooth typing feedback.

  • Accessibility: Suggestions hidden once password reaches Good/Strong.

  • Scope Control: Advisory only, no enforcement of minimum strength.

  • Testing: Unit + component tests to ensure reliability.

Timeline (5 Weeks)

Week 1: Setup & Research

  • Study Joplin’s codebase and password input points.

  • Confirm integration feasibility with zxcvbn-ts.

Week 2: Component Development (Desktop)

  • Implement PasswordStrengthIndicator component.

  • Integrate with desktop EncryptionConfigScreen.

Week 3: Accessibility & Mobile Integration

  • Ensure WCAG compliance.

  • Integrate into mobile password input screens.

  • Optimize performance.

Week 4: Testing & Refinement

  • Write unit/component tests.

  • Refine UI/UX based on feedback.

Week 5: Documentation & Final Review

  • Document component usage.

  • Prepare PRs and finalize deliverables.

  • Address mentor feedback.

Skills Required

  • TypeScript, React (for component development).

  • Familiarity with npm dependency management.

  • Testing frameworks (Jest, React Testing Library).

  • Understanding of accessibility standards (WCAG 2.1).

Difficulty Level

Easy to Medium — The project is well‑scoped, beginner‑friendly, and achievable within ~90 hours, while still requiring attention to detail in UI/UX and accessibility.

Potential Mentors

  • Laurent Cozic

  • PackElend

References

  • zxcvbn-ts library

  • Joplin GSoC Ideas Page

  • Joplin Discourse community discussions

I’m particularly drawn to Joplin because of its focus on privacy and user empowerment. A password strength indicator directly supports this mission by helping users make informed choices about securing their data. My background in web development and security‑oriented projects makes me confident I can deliver a robust, accessible, and user‑friendly solution.

I look forward to feedback from the mentors and community, and I’m excited to iterate on this proposal to make it as strong and useful as possible.

2

Thank you. We do want beginner-friendly projects but do you feel that this is indeed an Easy to Medium project that takes 90 hours?