Here is an interesting take on Password Strength Meters for websites (which are usually bad, but they do remind the user that good passwords are important).
https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/
TL;DR – (1) Complex character sets are not as good as long passwords. (2) Use of keyboard patterns and common words, even leetspeak, make (shorter) passwords weaker.
Code here:
https://github.com/dropbox/zxcvbn
And here is a nice implementation using their code:
https://www.my1login.com/resources/password-strength-test/
No comments:
Post a Comment