Guidelines for a Password Strength Meter (Password checker) Design

I have tried different types of Password Strength Meters or Password checkers, but all give me different results when I test the same Password, because each implements its own algorithm.

Is there some official standard or guideline that I can follow to build my own Password Strength Meter?

If there was no official standard, what features should a good Password Strength Meter check for?


Consider the following:

  • Length
  • Mixed case
  • Not many repeated characters
  • Includes letters, numbers, and symbols
  • Does not include part of the username
  • Not similar to prior passwords
  • Does not hash to the same thing as a weak password
  • Is not a keyboard walk
  • Is not related to the individual
  • Does not end with the common suffixes
  • Does not start with the common prefixes
  • See Bruce Schneier's post on passwords as well as this post.
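
Several of the checks listed above can be implemented as follows. This is an added example, not code from the answer; the keyboard rows, prefix/suffix lists and thresholds (12 characters, 4-key walks, 3 repeats) are constructed assumptions, and the prior-password, hash and personal-data checks are left out because they need server-side data.

```python
import re

# Constructed sample data (assumptions, not from the page): a small keyboard-row
# table and short prefix/suffix lists. A real meter would load larger lists.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
COMMON_SUFFIXES = ("123", "1", "!", "2023")
COMMON_PREFIXES = ("abc", "123")

def has_keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def shares_username_part(pw, username, min_len=4):
    """True if any min_len-character slice of the username appears in pw."""
    pw, user = pw.lower(), username.lower()
    return any(user[i:i + min_len] in pw for i in range(len(user) - min_len + 1))

def check_password(pw, username, min_length=12):
    """Return the list of failed checks; an empty list means every check passed."""
    failures = []
    if len(pw) < min_length:
        failures.append("too short")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        failures.append("no mixed case")
    if not (re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw)):
        failures.append("missing digit or symbol")
    if re.search(r"(.)\1\1", pw):  # same character three times in a row
        failures.append("repeated characters")
    if shares_username_part(pw, username):
        failures.append("contains part of username")
    if has_keyboard_walk(pw):
        failures.append("keyboard walk")
    low = pw.lower()
    if low.startswith(COMMON_PREFIXES) or low.endswith(COMMON_SUFFIXES):
        failures.append("common prefix or suffix")
    return failures
```

Returning the list of failed checks, rather than a single score, lets the meter tell the user which rule to fix.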


As far as I know there is no standard, as there are many definitions of what a good (i.e. strong) password should be.

Some things to consider:

  • Length - the longer the better
  • Mixed case
  • Includes numbers as well as characters
  • Includes non-alphanumeric characters
  • Isn't a dictionary word
  • Is a phrase
  • and so on


I would also add: does not include the username string, or even part of the username if it is long.
