Password Strength Meter

Overview

The password strength meter plugin measures the entropy of a password string and displays the relative strength of the password visually to the user through a meter and text. It also checks the password against the top 1000 most commonly-used passwords and displays a warning if there is a match.

Usage

To include the password strength meter, simply add the class meter to a password input. As the meter doesn't take any options, that's all you have to do.

Code Example

<input type="password" name="test" class="meter"/>

Notes On Server-Side Integration

There are a few notes to make when integrating this plugin with client and server-side validation.

  • This plugin does not filter the password or enforce validation in any way.
  • It is not a substitute for server-side validation.
  • While multiple character sets are encouraged, it's possible to get a strong password based on length with a single character set.
  • Consider not placing low artificial upper limits on password string lengths (for example, 14 characters) as it can limit the effectiveness of user passwords.
  • Consider allowing internal spaces in the password validation.

Implementation & Theory

According to some hacked password lists that have been made public, approximately 91% of users have a password from the top 1000 passwords, with 50% of the passwords less than 8 characters long, 99% containing no non-alphanumeric characters, and only 4% containing 3 or more character sets (lowercase, uppercase, numeric, other).

When calculating entropy, both length of the password and the size of the character set are factored in. For example, the size of the lowercase character set is 26, upper and lowercase is 52, and so on. The formula for calculating entropy in this plugin is:

entropy = log2(charsetSize) * length

The thresholds for each level of the meter are as follows:

Entropy Thresholds

Level                       Entropy Level
Very Weak Password          1-29
Weak Password               30-49
Medium Strength Password    50-74
Strong Password             75-89
Very Strong Password        90+
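
The formula and thresholds above, worked through as an added JavaScript example (not the plugin's own source). The digit and symbol set sizes, the reading of each threshold range as "at least its lower bound", and the short COMMON list standing in for the top 1000 are assumptions.

```javascript
// Added example, not the plugin's code. Only the sizes 26 (lowercase) and
// 52 (lower + upper) come from the page; the other sizes are assumptions.
const CHARSETS = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },          // assumed
  { re: /[^a-zA-Z0-9]/, size: 33 },   // assumed: printable ASCII symbols incl. space
];

// Constructed stand-in for the top-1000 list the page mentions.
const COMMON = new Set(["password", "123456", "qwerty", "letmein", "password1"]);

// Lower bounds taken from the threshold table, highest first.
const LEVELS = [
  [90, "Very Strong Password"],
  [75, "Strong Password"],
  [50, "Medium Strength Password"],
  [30, "Weak Password"],
  [1, "Very Weak Password"],
];

// Sum the sizes of every character set that appears in the password.
function charsetSize(pw) {
  return CHARSETS.reduce((n, c) => n + (c.re.test(pw) ? c.size : 0), 0);
}

// entropy = log2(charsetSize) * length; an empty password scores 0.
function entropy(pw) {
  const size = charsetSize(pw);
  return size === 0 ? 0 : Math.log2(size) * pw.length;
}

// Returns the rounded entropy, the meter level, and the common-password flag.
function assess(pw) {
  const bits = entropy(pw);
  const hit = LEVELS.find(([min]) => bits >= min);
  return {
    bits: Math.round(bits * 10) / 10,
    level: hit ? hit[1] : "",
    common: COMMON.has(pw.toLowerCase()),
  };
}
```

Because the formula counts only length and character sets, sixteen repeated lowercase letters are rated Strong (75.2), so treat the result as feedback to the user and keep validation on the server.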

Demo

To make this demo easier to use, we've also included the Password Toggle plugin so that you can see your passwords as you test their strength.

VM UI Framework is created, owned, and maintained by Virtuosi Media, Inc. © 2012-2013.