[Chicago-talk] Password strength

John Kristoff jtk at depaul.edu
Fri Aug 7 10:41:52 PDT 2015

On Fri, Aug 07, 2015 at 02:35:01PM +0000, richard at rushlogistics.com wrote:
> I am using perl dancer to create a new user login page. I was surfing
> arround to try to find how to create a password strength meter when I
> found this http://www.perlmonks.org/?node_id=948997 which has me
> second-guessing as to whether having one is even a good idea. Can
> anyone lend some insight in this matter and perhaps where to go get a
> good one if you believe they are a good idea?

A meter seems little more than eye candy if it doesn't do anything other
than just show the complexity.  If the password must reach a certain
point on the meter, then that might be slightly more helpful.  It is
unlikely to affect user behavior much if at all.  As long as a password
satisifies the minimal constraints, most users won't exert much effort
to impress the meter.

USENIX and the IEEE Security & Privacy journals, to name just two, have
had numerous good articles related to passwords over the years that
might be useful references.  For instance:



More information about the Chicago-talk mailing list