KC-706: Updated master password grading to use zxcvbn #2018

Open
sshrushanth-ks wants to merge 1 commit into release from update-master-password-zxcvbn

@sshrushanth-ks
Contributor

Summary

  • Added master_password_score() using zxcvbn, scoped exclusively to master password strength evaluation. The existing password_score() heuristic is preserved unchanged for vault record passwords.
  • Updated reset-password to always show both the zxcvbn strength grade and the BreachWatch scan result independently — previously only one would run depending on whether BreachWatch was enabled.

Changes

  • requirements.txt — Added zxcvbn dependency.
  • setup.cfg — Added zxcvbn to install_requires so it is installed correctly in CI and pip environments.
  • keepercommander/utils.py — Added master_password_score() with try/except and .get() for safe access, falling back to 25 (Weak) on any failure.
  • keepercommander/commands/utils.py — reset-password now always calls master_password_score() for zxcvbn strength logging, and BreachWatch scan runs alongside it independently instead of as a mutually exclusive alternative.
  • unit-tests/test_crypto.py — Added test_master_password_score().

* Updated master password grading to use zxcvbn

* Added zxcvbn to install_requires

* Added zxcvbn-based master password strength grading alongside BreachWatch score.

* Addressed PR review comments on master_password_score
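
The fail-safe scoring described in the summary above, as an added example that is not the PR's code. The name `master_password_score_sketch`, the injectable `estimator` parameter and the 0-4 to 0-100 mapping are assumptions; only the fallback value of 25 (Weak) and the use of try/except with `.get()` come from the PR description.

```python
from typing import Callable, Optional

FALLBACK_SCORE = 25  # "Weak": the fallback value named in the PR description

# Assumed mapping from zxcvbn's 0-4 score onto a 0-100 scale (not from the PR).
_SCALE = {0: 0, 1: 25, 2: 50, 3: 75, 4: 100}


def _default_estimator() -> Optional[Callable]:
    """Return zxcvbn's entry point, or None if the package is not installed."""
    try:
        from zxcvbn import zxcvbn
        return zxcvbn
    except ImportError:
        return None


def master_password_score_sketch(password, estimator: Optional[Callable] = None) -> int:
    """Grade a master password on a 0-100 scale.

    Never raises, and never reports more than Weak when the estimator is
    missing, throws, or returns something unexpected.
    """
    estimator = estimator or _default_estimator()
    if estimator is None or not isinstance(password, str):
        return FALLBACK_SCORE
    try:
        result = estimator(password)
        raw = result.get('score')          # .get(): a missing key is not an error
        return _SCALE.get(raw, FALLBACK_SCORE)  # out-of-range score -> Weak
    except Exception:
        # Any estimator failure degrades to Weak instead of aborting the
        # password reset or silently passing the password as strong.
        return FALLBACK_SCORE


if __name__ == '__main__':
    # Constructed stand-ins for the estimator, so the demo runs offline.
    print(master_password_score_sketch('example', lambda p: {'score': 3}))  # normal result
    print(master_password_score_sketch('example', lambda p: {}))            # missing key
    print(master_password_score_sketch('example', lambda p: None))          # malformed result
```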
@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Added | zxcvbn@4.5.0 | 100 | 100 | 100 | 100 | 100 |

@sshrushanth-ks sshrushanth-ks self-assigned this May 6, 2026
@sshrushanth-ks sshrushanth-ks marked this pull request as ready for review May 6, 2026 10:08