zxcvbn: Realistic Password Strength Estimation
A great piece of open-source code by the developers of Dropbox.
It’s a relatively new take on password strength estimation, which is usually based on length and on mixing numbers in among the letters. Instead, it gives the user a realistic estimate of the time a cracker would need to guess her password.
My regular, day-to-day password would last for 43 minutes; my secure, twenty-character-long password, however, would last 12 days. Were I to add a mere letter after it, it’d take 3 years.
Finally, I find the advice given by the developers to be sound: choose a full sentence as a password, when allowed. It’s easier to remember and it’s very hard for crackers to find.