{"id":17675113,"url":"https://github.com/conorgil/password-strength-meter","last_synced_at":"2026-01-08T00:59:12.463Z","repository":{"id":141849377,"uuid":"126234469","full_name":"conorgil/password-strength-meter","owner":"conorgil","description":"Ideas, notes, and brainstorms for creating a password strength meter that takes into account human behavior and other heuristics to do a better job of identifying weak passwords.","archived":false,"fork":false,"pushed_at":"2018-03-25T20:10:30.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-05T18:47:40.407Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/conorgil.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-21T20:08:10.000Z","updated_at":"2018-03-25T20:10:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"498d308c-e263-446f-9ab9-fd0294fae029","html_url":"https://github.com/conorgil/password-strength-meter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conorgil%2Fpassword-strength-meter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conorgil%2Fpassword-strength-meter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conorgil%2Fpassword-strength-meter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conorgil%2Fpassword-strength-meter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/conorgil","download_url":"https://codeload.github.com/conorgil/password-strength-meter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246350947,"owners_count":20763228,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-24T07:10:01.307Z","updated_at":"2026-01-08T00:59:12.429Z","avatar_url":"https://github.com/conorgil.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# password-strength-meter\nIdeas, notes, and brainstorms for creating a password strength meter that takes into account human behavior and other heuristics to do a better job of identifying weak passwords.\n\n\n# Resources\n\n* [Password Strength Indicators Help People Make Ill-Informed Choices](https://www.troyhunt.com/password-strength-indicators-help-people-make-dumb-choices/)\n* [Microsoft Identity Protection Team](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf)\n* [UK's NCSC](https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach)\n* [I've Just Launched \"Pwned Passwords\" V2 With Half a Billion Passwords for Download](https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/)\n* [Why you can’t trust password strength meters](https://nakedsecurity.sophos.com/2015/03/02/why-you-cant-trust-password-strength-meters/)\n* [The Pitfalls of Password Strength Meters](https://www.infosecurity-magazine.com/blogs/password-strength-meters/)\n* [The Password Meter](http://www.passwordmeter.com/)\n* [From Very Weak to Very Strong: Analyzing Password-Strength Meters](https://www.ndss-symposium.org/ndss2014/programme/very-weak-very-strong-analyzing-password-strength-meters/)\n* [CUPS Lab - Password Meter](https://github.com/cupslab/password_meter)\n\n# Ideas\n* only warn when a password is **known** to be weak?\n* figure out some other way to communicate \"as best we can tell, that password isn't garbage. It might still suck though\"\n* Integrate Pwned Passwords V2 API. It is really fast, so this shouldn't be a problem\n* Allow configuration of some other heuristics, such as the name of the service, the user's name, etc. The password can be checked for permutations of all of these\n* Need a good UI that doesn't block as all of this stuff is checked. Maybe it is too computationally intensive and should be done on the server side?\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconorgil%2Fpassword-strength-meter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fconorgil%2Fpassword-strength-meter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconorgil%2Fpassword-strength-meter/lists"}