Password strength meter
Andrew Coles
andrew_coles at yahoo.co.uk
Fri Oct 29 15:37:32 BST 2004
On Friday 29 Oct 2004 15:28, Kévin Ottens wrote:
> This computation should be fast... but is it relevant enough? Should we add
> checks against a dictionary? (ok would be far slower... but at least
> verifying if it doesn't contain some personal information like the
> username, or permutations of it, would raise the entropy a bit)

It's quite a basic system at the moment, taken as-is from Mozilla. It's quite
good in that it does raise awareness of password security, and gives a
positive improvement if the user adds a digit or two, or a little bit of case
variety.

The calculation is quite simple. There's a certain amount of (capped) input
to the strength score from the length, upper case characters, numbers and
non-word characters.

I did think actually that if it's all lower-case an additional check could be
done using KSpell to see if it's a simple dictionary word. Taboo words are
another option: a list of them could be passed to the dialogue and the
strength score adjusted downwards accordingly. For example, if changing the
system password, the username and the parts of the user's real name could be
used. A list of standard words could also be used: password, fred, ....

Andrew
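
The scoring discussed in this message (capped inputs from length, upper case, digits and non-word characters, adjusted downwards by a taboo-word list), written out as an added example that is not part of the original message and is not KDE's or Mozilla's code. The caps, weights, penalty, minimum taboo-word length and the reversed-word check are assumptions, and the function names `baseScore` and `strength` are hypothetical.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Lower-case copy for case-insensitive comparison (ASCII only).
static std::string lowered(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Capped contributions from length, upper case, digits and non-word characters.
// The caps and weights are assumed values chosen for illustration.
int baseScore(const std::string &pw) {
    int upper = 0, digits = 0, symbols = 0;
    for (unsigned char c : pw) {
        if (std::isupper(c)) ++upper;
        else if (std::isdigit(c)) ++digits;
        else if (!std::isalnum(c) && c != '_') ++symbols;  // non-word character
    }
    int length = static_cast<int>(pw.size());
    int score = std::min(length, 8) * 5      // at most 40
              + std::min(upper, 3) * 10      // at most 30
              + std::min(digits, 3) * 10     // at most 30
              + std::min(symbols, 3) * 15;   // at most 45
    return std::min(score, 100);
}

// Lower the score when the password contains a taboo word or its reversal.
int strength(const std::string &pw, const std::vector<std::string> &taboo) {
    const int penalty = 40;                  // assumed, applied once per password
    int score = baseScore(pw);
    const std::string hay = lowered(pw);
    for (const std::string &word : taboo) {
        if (word.size() < 3) continue;       // skip initials and very short name parts
        std::string needle = lowered(word);
        std::string reversed(needle.rbegin(), needle.rend());
        if (hay.find(needle) != std::string::npos ||
            hay.find(reversed) != std::string::npos) {
            score -= penalty;
            break;
        }
    }
    return std::max(score, 0);
}
```

The caller builds the taboo list from the context, for example the username and the parts of the real name when changing the system password, plus standard words such as "password" and "fred".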