Password meters have become ubiquitous. Some are decent, but the majority are actually harmful. While attempts have been made to create strength meters that better reflect the realities of how passwords are cracked, most meters are naive to such a degree that they give an incredibly dangerous false sense of security.
This talk looks at the best and worst of current password meters - from the useful education they provide, to the absurd feedback that has become so common. To address the flaws in current methods, a new method for calculating the real-world strength of passwords is introduced. It is based on the techniques used in cracking passwords, including hashing details, and provides more useful information about the actual strength of a password.