Password strength meter

Andrew Coles andrew_coles at
Fri Oct 29 15:37:32 BST 2004

On Friday 29 Oct 2004 15:28, Kévin Ottens wrote:
> This computation should be fast... but is it relevant enough? Should we add
> checks against a dictionnary? (ok would be far slower... but at least
> verifying if it doesn't contain some personal information like the
> username, or permutations of it, would raise the entropy a bit)

It's quite a basic system at the moment, taken as-is from Mozilla.  It's quite 
good in that it does raise awareness of password security, and gives a 
positive improvement if the user adds a digit or two, or a little bit of case 

The calculation is quite simple.  There's a certain amount of (capped) input 
to the strength score from the length, upper case characters, numbers and 
non-word characters.

I did think actually that  if it's all lower-case an additional check could be 
done using KSpell to see if it's a simple dictionary word.  Taboo words are 
another option: a list of them could be passed to the dialogue and the 
strength score adjusted downwards accordingly.  For example, if changing the 
system password, the username and the parts of the user's real name could be 
used.  A list of standard words could also be used: password, fred, ....


More information about the kde-core-devel mailing list