What is the best way to check the strength of a password?

Question

What is the best way of ensuring that a user supplied password is a strong password in a registration or change password form?

One idea I had (in python)

<         


        

Answer 1

Depending on the language, I usually use regular expressions to check if it has:

• At least one uppercase and one lowercase letter
• At least one number
• At least one special character
• A length of at least six characters

You can require all of the above, or use a strength meter type of script. For my strength meter, if the password has the right length, it is evaluated as follows:

• One condition met: weak password
• Two conditions met: medium password
• All conditions met: strong password

You can adjust the above to meet your needs.