zxcvbn – A sensible password strength estimator
Password requirements should get out of the user's way. The often restrictive password requirements that limit users to a password of just 8 characters and force symbol use ignore one of the main parts of password security: length. Bonus XKCD comic.
I am a fanatical user of 1Password, my password manager of choice. With a few keystrokes, I can have a 64b random password with a mixture of symbols and alphanumeric symbols galore. Albeit this also has a password meter but it's a little harder to please. Leaving it on the 64 length setting cannot be a bad thing.
That little green bar, which fills up as you swap out the first character of your pet's name for a dollar symbol in the hope the meter fills up more, makes us think that passwords that might not be secure are green and safe.
If you're looking for a better alternative, there is a nice OSS project from the folks over at Dropbox that does the math. Check it out from the Dropbox OSS: https://github.com/dropbox/zxcvbn/
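
The pet-name-with-a-dollar-sign problem described above, as an added example that is not from the original post and is not zxcvbn's own code: a naive composition meter beside a simplified guess-based estimate. The wordlist, substitution table, assumed dictionary size and sample passwords are all constructed for illustration.

```javascript
// Constructed wordlist standing in for a real dictionary of names and common words.
const WORDS = ["simba", "password", "dragon", "monkey"];
// Assumption: an attacker's real dictionary holds about 30,000 such words.
const DICT_BITS = Math.log2(30000);
// Common character substitutions, undone before the dictionary lookup.
const LEET = { "$": "s", "@": "a", "0": "o", "1": "i", "3": "e", "!": "i" };

// Naive "green bar" meter: one point per character class, one for length >= 8.
function compositionScore(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/];
  return classes.filter((re) => re.test(pw)).length + (pw.length >= 8 ? 1 : 0);
}

// Brute-force cost in bits: length * log2(size of the character pool in use).
function bruteForceBits(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^A-Za-z0-9]/.test(pw)) pool += 33;
  return pw.length * Math.log2(pool || 1);
}

// Guess-based estimate: if the password is a dictionary word once case and
// substitutions are undone, charge for the word, not for its characters.
function estimateBits(pw) {
  const normalized = pw.toLowerCase().split("").map((c) => LEET[c] || c).join("");
  let best = bruteForceBits(pw);
  for (const word of WORDS) {
    const at = normalized.indexOf(word);
    if (at === -1) continue;
    // Substitutions are one-to-one, so indices in pw and normalized line up.
    const rest = pw.slice(0, at) + pw.slice(at + word.length);
    // Word cost + 1 bit for capitalisation + 1 bit for substitutions + leftovers.
    best = Math.min(best, DICT_BITS + 2 + bruteForceBits(rest));
  }
  return best;
}

// Constructed samples: a "decorated" pet name and 20 random lowercase letters.
const PET = "$Imba123";
const LONG = "kqvzjtmwpxhrlncdbyfg";
for (const pw of [PET, LONG]) {
  console.log(pw, "meter:", compositionScore(pw) + "/5",
              "estimate:", estimateBits(pw).toFixed(1), "bits");
}
```

The composition meter gives the decorated pet name full marks and the long random string 2 out of 5, while the guess-based estimate ranks them the other way round.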