ยท 1 min read

zxcvbn โ€“ A sensible password strength estimator

Password requirements should get out of the userโ€™s way. The often restrictive password requirements limiting users to a password of just 8 characters and forcing symbol use ignores one of the main parts of password security. Length. Bonus XKCD comic.

I am a fanatical user of 1Password, my password manager of choice. With a few keystrokes, I can have a 64b random password with a mixture of symbols and alphanumeric symbols galore. Albeit this also has a password meter but itโ€™s a little harder to please. Leaving it on the 64 length setting cannot be a bad thing.

That little green bar fills up as you swap out the first character of your petโ€™s name for a dollar symbol in the hope the meter fills up more, makes us think that passwords that might not be secure are green and safe.

If youโ€™re looking for a better alternative there is a nice OSS project from the folks over at Dropbox that does the math. Check it out from the Dropbox OSS: https://github.com/dropbox/zxcvbn/

ย 

ย