

“How Secure Is My Password?” Strength Meter Open Sourced - shcollider
https://github.com/howsecureismypassword/hsimp

======
dbarlett
This is significantly more optimistic than Dropbox's zxcvbn [1]:

    
    
      Password                   hsimp                zxcvbn
      qwER43@!                   3 days               3 hours
      Tr0ub4dour&3               344 thousand years   22 hours
      correcthorsebatterystaple  A quintillion years  65 years
    

[1] [https://github.com/dropbox/zxcvbn](https://github.com/dropbox/zxcvbn)

~~~
shcollider
The plugin is actually based on newer code than the current HSIMP site so it
would, for example, detect that "correcthorsebatterystaple" is going to get
cracked straight away.

It's also fully customisable how many calculations per second you want to
assume a cracker can make. It's set to 10 billion by default, but you could
set it to much higher if you wanted.

The boundaries of what counts as "ok" and "good" passwords can also be
customised.

------
dkopi
How secure is my password? Very weak, if you've ever entered it into a "how
secure is my password" website.

~~~
shcollider
The site doesn't actually send passwords anywhere. Having said that, the irony
is not lost on me that a site called "How Secure Is My Password?" asks you to
type your password into a site which you have no reason to trust. I didn't
ever really intend for the site to become popular... but it did. Anyway,
hopefully by having it as a plugin directly on websites it will avoid such
problems.

~~~
dkopi
I had no intention of accusing this specific website or code for storing your
password or sending it back to a server. But using a random "how secure is
your password" website is one of the least secure things you can do.

------
andrewrice
Very cool. What's the source on which passwords are common?

~~~
shcollider
It's from this post: [https://xato.net/passwords/more-top-worst-
passwords/](https://xato.net/passwords/more-top-worst-passwords/)

Although that's probably a bit out of date now. I might see if there's a newer
version.

------
shcollider
Any feedback on documentation and general usability would be appreciated. Do
file Issues on GitHub if you find anything.

