WeeChat DevCenter

Script anti_password.py

You've sent your password to the wrong window (ie: WeeChat), and it is now public, viewed by 1,500 people?
For now, you have to change your password.

For the future, a new script is now available: anti_password.py.

How does it work?

When you press Enter to send text to a buffer, the script detects if the input is a password, in two ways:

  1. If the input matches a condition: number of words, lower/upper/digit/special chars.
  2. If a secured data value is in the input (reminder: secured data is the recommended way to store all your passwords in WeeChat) (requires WeeChat ≥ 3.1).

If a password is detected, the text is not sent to the buffer (3 times with the default config).

Note: the WeeChat commands (ie /xxx) are ignored and are always sent.

Options

There are 4 options to configure the script (see /fset anti_password for a list of options with help):

  • allowed_regex: allowed regular expression (checked first)
  • password_condition: the condition used to detect a password
  • check_secured_data: whether the script checks for secured data (disabled, input equals secured data or secured data included in input)
  • max_rejects: the number of times the same input is rejected; after this number, the input is finally sent to the buffer.

Keep your passwords safe!

Updated on 2021-03-13: added option allowed_regex.