Comments on: The ultimate password strength meter

By: Martijn de Kuijper

Martijn de Kuijper — Sun, 30 Sep 2007 19:40:07 +0000

Haha, damn, that’s one tough meter. Only something like ‘fG4%$GFhfghnRT356′ seems to be a strong password

By: admin

admin — Mon, 01 Oct 2007 12:25:01 +0000

Hi Martijn,
I agree with your password has to be ‘extremely strong’ to fill the bar. I will make some changes to the script so that your pass has to be of less strenght.

By: Slim

Slim — Mon, 15 Oct 2007 14:52:31 +0000

Maybe a bug, maybe not, but 5-character password is pretty close to FULL strength
i used first 5 characters of martins password: fG4%$

By: My Hobby is Programming » The ultimate password strength meter

My Hobby is Programming » The ultimate password strength meter — Fri, 09 Nov 2007 14:27:43 +0000

[…] read more | digg story […]

By: mike

mike — Mon, 19 Nov 2007 22:47:51 +0000

Hey guys…Am I missing something? Where is the download link?

By: adicrst

adicrst — Sat, 05 Jan 2008 22:18:13 +0000

I bet that no one in this world has a password strong enough to fill this meter…

By: Ben

Ben — Mon, 07 Jan 2008 18:01:32 +0000

It’s really good. I want to use this on my website. Where in my HTML document do I insert the code?

By: George

George — Fri, 22 Feb 2008 09:31:04 +0000

Where is the download link?

By: pablasso

pablasso — Tue, 11 Mar 2008 21:37:38 +0000

It’s javascript, just get the code in the demo.

By: Bookmarks.WittySparks.com

Bookmarks.WittySparks.com — Tue, 27 May 2008 14:44:15 +0000

The ultimate password strength meter…

I made some improvements on the password strength meters available on the web. Using prototype/scriptaculous, I stole some code from ZeBadger (thanks!) and created a new meter which dynamically changes while typing your password. Useful for form valida…

By: Rob Pomeroy

Rob Pomeroy — Tue, 19 Aug 2008 09:53:23 +0000

Just an observation: the strength-checking algorithm takes virtually no account of password length. Full strength can be achieved in 7 characters. I tend to use pass phrases as passwords - these can be 20-40 characters in length and despite the absence of numerals would be far more resistant to a brute-force cracking attempt than a short mixed string.

e.g. in my opinion, “Life is like a box of chocolates!” is cryptographically far stronger than “qQ123$%” Your script disagrees with me however, giving the former a score of around 40% and the latter a score of 100%.

By: Prototype : la librairie des interfaces ecommerce 2.0 | Capitaine commerce 2.1

Sun, 14 Sep 2008 20:57:50 +0000

[…] PasswordStrengthMeter : des mots de passe au poil […]

By: 10 Smart Javascript Techniques to Improve Your UI - NETTUTS

10 Smart Javascript Techniques to Improve Your UI - NETTUTS — Tue, 16 Sep 2008 00:15:02 +0000

[…] Password Strength Meter works off of prototype/scriptaculous and is a handy little script that shows the strength of the […]

By: Tolga Ergin

Tolga Ergin — Tue, 16 Sep 2008 01:45:03 +0000

i could make a mistake. then i have never started up.

shortly,
1. i entered the demo page.
2. copied my notepad all of the code.
3. downloaded strength.jpg, prototype/prototype.js and scriptaculous/scriptaculous.js
4. put on the right file.

and it was not worked. although i entered the my password (such a$Ti12.) but strenght-bar was never increased.

Can you help me?

By: Matt

Matt — Thu, 18 Sep 2008 13:56:31 +0000

I’m having the same problem as Tolga Ergin. What gives?

By: Willem

Willem — Sat, 20 Sep 2008 11:35:15 +0000

Hi Tolga Ergin, Matt,
Can you send me an email at willem att ajaxorized dott com ? I will provide you a working demo.

Cheers,

By: David Megnin

David Megnin — Sun, 21 Sep 2008 15:49:49 +0000

To add “credit” for password length add this to the algorithm:
intScore = (intScore+passwd.length) // Add the length of the password to the score.

To adjust for the additional scores change all “intScore = (intScore+5)” to “intScore = (intScore+3)”

To prevent the bar graph from overflowing on very long passwords add:
if (intScore > 32)
{
intScore = 32
}

Tolga and Mat, make sure you also get effects.js.
Use Firefox with Developer Tools or just add “/effects.js” to the URL to download it.

Cheers,

By: Willem

Willem — Sun, 21 Sep 2008 16:58:32 +0000

@ David,
Thanks, that’s it. scriptaculous.js automatically loads effects.js . Therefore you have to get this file:

http://ajaxorized.com/examples/scriptaculous/pastrength/scriptaculous/effects.js

and add it.

By: Tolga Ergin

Tolga Ergin — Sun, 21 Sep 2008 23:56:44 +0000

the real url address.
(http://ajaxorized.com/examples/scriptaculous/pastrength/scriptaculous/effects.js)

and it solved my problem.
Thank you

By: Jack

Jack — Wed, 29 Oct 2008 19:58:57 +0000

So, does this make an asynchronous call back to the server? I would assume it does since it’s on “ajaxorized.com”. One question though… Will it pass PCI compliance? Pretty scary stuff!!