What is the best way to check the strength of a password?

Question

What is the best way of ensuring that a user supplied password is a strong password in a registration or change password form?

One idea I had (in python)

<         


        

Answer 1

The two simplest metrics to check for are:

1. Length. I'd say 8 characters as a minimum.
2. Number of different character classes the password contains. These are usually, lowercase letters, uppercase letters, numbers and punctuation and other symbols. A strong password will contain characters from at least three of these classes; if you force a number or other non-alphabetic character you significantly reduce the effectiveness of dictionary attacks.