Originally posted by Jacob Steingart:
I am not aware of any class or method that will help check the strength of a password, but it certainly wouldn't be difficult to write a method of your own to do such a thing.
I certainly wouldn't call proactive password checking simple.
Besides the obvious checks on length and basic character composition (simple pattern matching) it should check against passwords that are known to be easily guessable. That list should include things like dictionary words, common names (people/places), acronyms, well-known phrases, keyboard patterns, etc. A pretty extensive list of possibilities in and of itself, but a lot of obvious permutations are still left uncovered. Like plural form, words in reverse, words that have individual letters substituted by numbers, concatenation of individual words, etc. To add even more to the complexity, a lot of the items I mentioned are locale sensitive.
Of course there are still more things to consider, like context awareness. For instance, a given password might be strong enough in and of itself, but not if it happens to be the reverse form of that user's previous password, or strongly resembles a previously used password. A password that is identical to, or strongly resembles, the username might qualify as a strong password in its own right, but it's a lousy choice for that particular user.
I'd say it'd be pretty darn hard to develop a good universal password checker.
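
The checks listed in the post above (length, composition, dictionary words with plural, reversed, substituted and concatenated forms, plus resemblance to the username or a previous password), as an added Python example that is not part of the original thread. The word list, the substitution table and the thresholds (10 characters, 3 character classes) are constructed assumptions; a real deployment would load a large, locale-specific list.

```python
import re

# Constructed sample list (words, place names, keyboard runs); locale-specific in practice.
WORDLIST = {"password", "dragon", "monkey", "london", "qwerty", "letmein", "asdfgh"}
# Assumed substitution table: digits/symbols commonly used in place of letters.
LEET = str.maketrans("013457@$", "oleastas")

def normalize(s):
    """Lowercase, undo letter substitutions, then drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", s.lower().translate(LEET))

def is_wordlike(s, words=WORDLIST):
    """True if s is a listed word, its plural, or a concatenation of such words."""
    reach = [True] + [False] * len(s)      # reach[i]: s[:i] splits fully into words
    for i in range(1, len(s) + 1):
        for j in range(i):
            part = s[j:i]
            if reach[j] and (part in words or (part.endswith("s") and part[:-1] in words)):
                reach[i] = True
                break
    return bool(s) and reach[-1]

def resembles(a, b):
    """True if one normalized string contains the other, forwards or reversed."""
    a, b = normalize(a), normalize(b)
    if min(len(a), len(b)) < 3:            # too little material to compare
        return False
    return any(x in y for x, y in ((a, b), (b, a), (a[::-1], b), (b, a[::-1])))

def check_password(pw, username="", previous=()):
    """Return the list of reasons to reject pw; an empty list means no check fired."""
    problems = []
    if len(pw) < 10:                       # assumed minimum length
        problems.append("too short")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    if classes < 3:                        # assumed composition rule
        problems.append("fewer than 3 character classes")
    core = normalize(pw)
    if is_wordlike(core) or is_wordlike(core[::-1]):
        problems.append("built from dictionary words")
    if username and resembles(pw, username):
        problems.append("resembles username")
    if any(resembles(pw, old) for old in previous):
        problems.append("resembles a previous password")
    return problems
```

Passing an empty result only means none of these checks fired; it says nothing about candidates outside the word list.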