What is the best way to check the strength of a password?

Question

What is the best way of ensuring that a user supplied password is a strong password in a registration or change password form?

One idea I had (in python)

<         


        

Answer 1

With a series of checks to ensure it meets minimum criteria:

• at least 8 characters long
• contains at least one non-alphanumeric symbol
• does not match or contain username/email/etc.
• etc

Here's a jQuery plugin that reports password strength (not tried it myself): http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/

And the same thing ported to PHP: http://www.alixaxel.com/wordpress/2007/06/09/php-password-strength-algorithm/