Zxcvbn custom wordlist not taken into account
6 views
Skip to first unread message
Clément Gindrier
Feb 5, 2026, 6:11:15 AM (3 days ago) Feb 5
to pwm-general
Hello,
I started to use "Zxcvbn" algorithm and I added a custom wordlist, and even though the logs are good, telling me it's imported, it seems Zxcvbn only check the default wordlist and not mine. I am stuck on this issue for a while, I need your help.
Do you have an idea what I missed?
I use PWM 2.0.6
- I added the wordlist in "Settings ⇨ Word Lists ⇨ Word List File URL".
- Word List Word Size Check is at 0
The Word Count went from 800 000 to 24 000, which means it's replaced but my wordlist.
But the strength bar didn't react like the one when I add words directly in the code. Also, I displayed the words that the algorithm find, and new words are not found.
For example, this word is on the default list but not mine, it displays it when I type it:
But this one is only in my wordlist and is not detected:
The format of the file is like that:
Do you see something that I did wrong.
Thank you in advance for the help!
I started to use "Zxcvbn" algorithm and I added a custom wordlist, and even though the logs are good, telling me it's imported, it seems Zxcvbn only check the default wordlist and not mine. I am stuck on this issue for a while, I need your help.
Do you have an idea what I missed?
I use PWM 2.0.6
- I added the wordlist in "Settings ⇨ Word Lists ⇨ Word List File URL".
- In local, it's in "/home/.../wordlist260120.zip" in WSL.
- It's a zip file with a directory "wordlist260120" with a text file "
wordlist260120.txt" in it (I also tested without directory)
- Word List Case Sensitivity is disabled- Word List Word Size Check is at 0
The Word Count went from 800 000 to 24 000, which means it's replaced but my wordlist.
But the strength bar didn't react like the one when I add words directly in the code. Also, I displayed the words that the algorithm find, and new words are not found.
For example, this word is on the default list but not mine, it displays it when I type it:
But this one is only in my wordlist and is not detected:
The format of the file is like that:
Do you see something that I did wrong.
Thank you in advance for the help!
Jason Rivard
Feb 6, 2026, 8:04:23 PM (2 days ago) Feb 6
to pwm-general
Are you sure wordlist checking is enabled on the user's policy? use the 'admin -> user debug' page to check the effective password policy for the user has wordlist checking enabled.
Reply all
Reply to author
Forward
0 new messages