Appendix C: Calculate Password Strength

Lots of websites and password generators have little meters that claim to tell you how strong a password is—they want you to keep adding characters until the bar is long enough or turns green or whatever. The problem is, each meter uses its own method to estimate password strength. The results vary wildly, and a tool may give you a false sense of security by suggesting that your password is stronger than it really is. (For more on this problem, read Does your password pass muster? Password strength meters not all created equal at ScienceDaily.)

Although not perfect, the best online password meter I’ve found (and one that ScienceDaily likes too) is an open-source tool from Dropbox called zxcvbn. Not only ...

Get Take Control of Your Passwords, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.