Minimum Password Strength
What is the difference between the different options for "Minimum Password Strength" in the admin section? How does it affect the end users choice of password?
- very guessable
- somewhat guessable
- safely unguessable
- very unguessable
I hope this is not a duplicate topic, I have search but could not find anything about this matter.
result.score # Integer from 0-4 (useful for implementing a strength bar) 0 # too guessable: risky password. (guesses < 10^3) 1 # very guessable: protection from throttled online attacks. (guesses < 10^6) 2 # somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8) 3 # safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10) 4 # very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)