The ultimate password strength meter
September 27, 2007I made some improvements on the password strength meters available on the web. Using prototype/scriptaculous, I stole some code from ZeBadger (thanks!) and created a new meter which dynamically changes while typing your password.
Click here to see the demo
If you want to use this script, feel free to download the source and use it on your website.
Enjoy.
Haha, damn, that’s one tough meter. Only something like ‘fG4%$GFhfghnRT356′ seems to be a strong password
Comment by Martijn de Kuijper — September 30, 2007 @ 9:40 pm
Hi Martijn,
I agree with your password has to be ‘extremely strong’ to fill the bar. I will make some changes to the script so that your pass has to be of less strenght.
Comment by admin — October 1, 2007 @ 2:25 pm
Maybe a bug, maybe not, but 5-character password is pretty close to FULL strength
i used first 5 characters of martins password: fG4%$
Comment by Slim — October 15, 2007 @ 4:52 pm
[…] read more | digg story […]
Pingback by My Hobby is Programming » The ultimate password strength meter — November 9, 2007 @ 4:27 pm
Hey guys…Am I missing something? Where is the download link?
Comment by mike — November 20, 2007 @ 12:47 am
I bet that no one in this world has a password strong enough to fill this meter…
Comment by adicrst — January 6, 2008 @ 12:18 am
It’s really good. I want to use this on my website. Where in my HTML document do I insert the code?
Comment by Ben — January 7, 2008 @ 8:01 pm
Where is the download link?
Comment by George — February 22, 2008 @ 11:31 am
It’s javascript, just get the code in the demo.
Comment by pablasso — March 11, 2008 @ 11:37 pm
The ultimate password strength meter…
I made some improvements on the password strength meters available on the web. Using prototype/scriptaculous, I stole some code from ZeBadger (thanks!) and created a new meter which dynamically changes while typing your password. Useful for form valida…
Trackback by Bookmarks.WittySparks.com — May 27, 2008 @ 4:44 pm
Just an observation: the strength-checking algorithm takes virtually no account of password length. Full strength can be achieved in 7 characters. I tend to use pass phrases as passwords - these can be 20-40 characters in length and despite the absence of numerals would be far more resistant to a brute-force cracking attempt than a short mixed string.
e.g. in my opinion, “Life is like a box of chocolates!” is cryptographically far stronger than “qQ123$%” Your script disagrees with me however, giving the former a score of around 40% and the latter a score of 100%.
Comment by Rob Pomeroy — August 19, 2008 @ 11:53 am
[…] PasswordStrengthMeter : des mots de passe au poil […]
Pingback by Prototype : la librairie des interfaces ecommerce 2.0 | Capitaine commerce 2.1 — September 14, 2008 @ 10:57 pm
[…] Password Strength Meter works off of prototype/scriptaculous and is a handy little script that shows the strength of the […]
Pingback by 10 Smart Javascript Techniques to Improve Your UI - NETTUTS — September 16, 2008 @ 2:15 am
i could make a mistake. then i have never started up.
shortly,
1. i entered the demo page.
2. copied my notepad all of the code.
3. downloaded strength.jpg, prototype/prototype.js and scriptaculous/scriptaculous.js
4. put on the right file.
and it was not worked. although i entered the my password (such a$Ti12.) but strenght-bar was never increased.
Can you help me?
Comment by Tolga Ergin — September 16, 2008 @ 3:45 am
I’m having the same problem as Tolga Ergin. What gives?
Comment by Matt — September 18, 2008 @ 3:56 pm
Hi Tolga Ergin, Matt,
Can you send me an email at willem att ajaxorized dott com ? I will provide you a working demo.
Cheers,
Comment by Willem — September 20, 2008 @ 1:35 pm
To add “credit” for password length add this to the algorithm:
intScore = (intScore+passwd.length) // Add the length of the password to the score.
To adjust for the additional scores change all “intScore = (intScore+5)” to “intScore = (intScore+3)”
To prevent the bar graph from overflowing on very long passwords add:
if (intScore > 32)
{
intScore = 32
}
Tolga and Mat, make sure you also get effects.js.
Use Firefox with Developer Tools or just add “/effects.js” to the URL to download it.
Cheers,
Comment by David Megnin — September 21, 2008 @ 5:49 pm
@ David,
Thanks, that’s it. scriptaculous.js automatically loads effects.js . Therefore you have to get this file:
http://ajaxorized.com/examples/scriptaculous/pastrength/scriptaculous/effects.js
and add it.
Comment by Willem — September 21, 2008 @ 6:58 pm
the real url address.
(http://ajaxorized.com/examples/scriptaculous/pastrength/scriptaculous/effects.js)
and it solved my problem.
Thank you
Comment by Tolga Ergin — September 22, 2008 @ 1:56 am
So, does this make an asynchronous call back to the server? I would assume it does since it’s on “ajaxorized.com”. One question though… Will it pass PCI compliance? Pretty scary stuff!!
Comment by Jack — October 29, 2008 @ 9:58 pm