This extension determines the strength of the password entered by the user. zxcvbn4Chrome uses zxcvbn library (by dropbox) for determining the password strength. If user has entered his personal information in options page, this information is used for determining the strength correctly.
WHAT IS zxcvbn?
- zxcvbn is an open source library by Dropbox. It's a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak. The source code of the library is available at https://github.com/dropbox/zxcvbn.
HOW DOES zxcvbn ESTIMATES THE STRENGTH OF PASSWORD?
- The details are given on this page - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/
WHY USE zxcvbn4Chrome WHEN THERE ARE NUMBER OF WEBSITES WHICH OFFERS THIS KIND OF SERVICE?
- zxcvbn4Chrome is completely offline solution. This extension doesn’t store or collect your password. The personal information entered in options page is stored in browser's local storage and is not shared with any third party organization or application. This information helps zxcvbn4Chrome to determine the password strength correctly. The source code is open sourced. Hence you can fully trust this extension for checking the strength of your password.
WHERE CAN FIND SOURCE CODE OF zxcvbn4Chrome?
- The source code of zxcvbn4Chrome is available at https://github.com/ChromeAppsFactory/zxcvbn4Chrome
SHOULD I NOT TRUST PASSWORD METER AVAILABLE AT WEBSITE’S SIGNUP PAGE?
- A lot of sites implement the password meter just for the sake of it. They impose the rule of having mix of upper case letter, lower case letter, symbols and numbers and minimum length of 8 characters. But just following such a rule doesn’t make your password strong. For example, pattern “P@ssw0rd” follows all these rules and many of the websites will say it’s a strong password. But in reality it’s a very weak password.