For those of you who might have missed my previous entry and the history behind passwordmeter.com, feel free to read about it here. For the rest of you, you’ll be happy to know that I finally got around to adjusting the algorithms in the Password Meter script. My original update was to be a single html page with javascript, css and even images embedded. This would have made it really easy to download and deploy in virtually any environment. However, due to a lack of support for base64 image conversion in earlier versions of Internet Explorer, I was forced to include a separate directory for images. Since I had to create a separate directory for images, I opted to extract the Javascript and CSS code as well, and place each into its own respective directory. So the final download is actually a zip file that contains the main page and all supporting scripts, images and stylesheets, plus a copy of the GPL license.

In addition to generally cleaning up the code a bit and adding penalties for repeat symbols, the main update to the script was done to alter the method used to calculate deductions for repeat characters. This has been an issue since version 1.03 was deployed and was never addressed until now. I originally used an exponential formula to penalize users for adding the same character more than once to their password. As the number of identical characters increased, the penalty became more and more severe – to the point where users would end up with a score of zero, despite having a reasonably difficult password. I realized the flaw shortly after I deployed it but never got around to fixing it due to other projects getting in the way.

In the latest version, repeat characters are still penalized. But the formula is now based on proximity to other identical characters where further distance means less deduction. I also accounted for the total number of unique characters and weighed that number into the calculation as well. So if you have a 12 character password that consists entirely of unique alpha-numerics and symbols, then add a string of 14 “x”s to the end, the deduction penalty for the repeat characters is significantly reduced. Being that the password meter utility is run entirely on the client side, I’m still limited to the tools that Javascript can provide, so it’s still not quite as accurate as I’d like it to be. But this new version should be a lot more accurate than the previous releases in terms of applied penalties and total score calculation.

I am planning to rebuild the passwordmeter.com site some time in the next week or so. Nothing major is planned but I need to revamp it a bit to support the new code base as well as the ability to add new blog entries that are specific to the password meter code. The download link will also be changed so that it points back to the software repository here at Meta Beta Geek. In the mean time, while you’re waiting for the passwordmeter.com site to be updated, you can either play with the demo site, or download the code directly. For downloading, just select the “MBG PWDMeter Package” from the software list. Please let me know if you notice any glaring bugs or issues with the new 2.0 release.

UPDATE:

The scripts and links at passwordmeter.com have now been updated.

Cheers,

Jeff @ Meta Beta Geek

The latest revision of MBG Scaffolder (v2.0.5) has now been pushed to production and for the moment I have no plans for any additional major updates.  So while I’m sorting out licensing issues and preparing the MBG Scaffolder code for public release, I’m reviewing some of my other projects to determine what’s next on my list of priorities.  There are a number of PHP and Javascript pieces in particular that come to mind, but most of these are fairly recent and don’t require a huge amount of changes prior to release.  So I started digging through my code archives to see if any older pieces were due for a review.

One of my earlier works, a piece of code written over two years ago, still manages to generate quite a lot of Internet traffic.  Password Meter is a Javascript project that I literally sat down and wrote in a single weekend.  At that time, it was designed as nothing more than a fun piece of code for users to play with and explore.  I never imagined that it would become as popular a resource as it has, achieving over a thousand hits per day at its current location, www.passwordmeter.com.  The program was designed to rate a user’s password and provide instantaneous visual feedback related to the password’s strength in terms of crackability.

Since the Password Meter code was initially released under general public license (GPL), I have received quite a lot of feedback related to the internal algorithms used to calculate password strength.  I’ve been aware for quite some time now that this portion of the code is in need of a revamp.  I simply haven’t had the time or energy to deal with it.  So the code has remained largely unchanged since its initial release, an issue I hope to remedy in the near future.

In terms of project scope, the Password Meter script itself is not terribly long, so I don’t expect the re-write to take an overly long time.  But I also tend to get rather entrenched in projects like this, so the end result may be quite a bit more complicated than the first release.  For the sake of keeping things simple though, my current plan is to fix the major issues and re-release the code as a new revision. For the time being, even though Meta Beta Geek was intended to track all my coding projects, the source code for Password Meter will remain at its current location.  Any future revisions or modifications to the code will most likely be referenced and tracked here at Meta Beta Geek.

That’s it for updates at the moment.  Stay tuned for a new release of Password Meter very soon, and don’t forget to leave a comment or two if you have suggestions for code or site improvements.  Happy Holidays to you and yours!

UPDATE:

Password Meter version 2.0 is now available for demo or download.

Cheers,

Jeff @ Meta Beta Geek