The password strength meter plugin measures the entropy of a password string and displays the relative strength of the password visually to the user through a meter and text. It also checks the password against the top 1000 most commonly-used passwords and displays a warning if there is a match.
To include the password strength meter, simply add the class
meter to a password
input. As the meter doesn't take any options, that's all you have to do.
<input type="password" name="test" class="meter"/>
There are a few notes to make when integrating this plugin with client and server-side validation.
According to some hacked password lists that have been made public, approximately 91% of users have a password from the top 1000 passwords, with 50% of the passwords less than 8 characters long, 99% containing no non-alphanumeric characters, and only 4% containing 3 or more character sets (lowercase, uppercase, numeric, other).
When calculating entropy, both length of the password and the size of the character set are factored in. For example, the size of the lowercase character set is 26, upper and lowercase is 52, and so on. The formula for calculating entropy in this plugin is:
entropy = log2(charsetSize) * length
The thresholds for each level of the meter are as follows:
|Very Weak Password||1-29|
|Medium Strength Password||50-74|
|Very Strong Password||90+|
To make this demo easier to use, we've also included the Password Toggle plugin so that you can see your passwords as you test their strength.