When I visit websites that want me to create an account before doing something, I typically enter in bogus information and occasionally I see a "password meter" that determines that I've entered a "weak" password. At least it is considered "weak" by some systems and "average/strong" in others. Being the curious sort of person, I've been trying to come up with a good, consistent strategy for calculating password strength and then something useful to do with it. I assume most developers only want to write password strength code one time, do something useful with it, and then move onto the next task. What constitutes a strong password? An excellent question and something the industry seems to have difficulties figuring out at the moment. NIST, the National Institute of Standards and Technology, has a few words to say on the topic. Basically, password strength boils down to the number of bits of entropy that a password has. So the n...
Here you will find all sorts of great information or rants, whichever, about the software industry, products I use, and tips.
If you find a nifty piece of software you think I should be using, forward it to me in the comment of the latest post.