Web services have exploitable vulnerabilities beyond the user’s reach. People normally aren’t afraid of having the data from their computers compromised, so they don’t use encryption. That’s why passwords of more than 8 to 12 characters offer little to no benefit in those cases, the system itself is less secure than the security a long password could offer.

Why are these long passwords important and why does it make it difference how much redundancy it has? The first part is already good enough to be hard to break.

If you are fit in JavaScript, you can take the code (it’s free) and improve it. I would really value your contribution. An option to determine the desired optimal length for instance would be a good feature.

Thanks.

I think your password meter is optimized for 8 character strings. I’d like to see it manage long passwords better. For 8 character passwords it’s fine.

If you try only the first 8 characters of your examples, you will get 59% for “-3XDR45,” and 100% for “NI3CE>le”. These numbers influence the password quality way higher than the rest of the characters.

What do you think? Does this answer your question?

For the password NI3CE>leroy>Salam it gives a score of 100%, “Very Strong”.

For the password -3XDR45, fse/n.ur) N`OO*;:+Mat9v it gives a score of 77%, “Strong”.

How does that proceed?

Thanks. I know that the entropy plays a role. Redundancy and length are already covered which basically cover the entropy part. The value is not yet perfect, especially long passwords get weaker with a lot of redundancy. I am gonna change that soon.

Rene