Client-side Password Strength Checking

By Deane Barker on October 26, 2005

When you sign up for a Google account these days, they evaluate your password strength as you type it. The area marked “Weak” above said “Too Short” until I had six characters, then it said “Weak,” until I added a few numbers and punctuation symbols to the end, and it finally read “Strong.”

I didn’t bother to look how they did it, though I’m assuming it was all client-side and not Ajaxed.



  1. I first saw this as a feature of Firefox 1.0 a while back. If you set your browser master password in the “saved passwords” page under Tools > Options you get a feature called the “password quality meter” which is the same kind of thing. Pretty cool stuff. I wonder if Google “borrowed” the trick from them.

  2. KDE, the Linux Desktop, has been doing this on nearly all password dialogs for a couple years. I think that they, too, borrowed the idea from somewhere else.

Comments are closed. If you have something you really want to say, tweet @gadgetopia.