The meter
You may have noticed a password strength meter next to password fields.
Like other strength meters, it evaluates passwords based on length, use of numbers, uppercase and lowercase letters, and similar criteria.
It also flags common patterns or names as weak. For example, try typing “password”—the meter briefly jumps from Very Weak to Weak, then back to Very Weak.
Zxcvbn
So how does it work? Is there a query to an online database?
Don’t worry—no information about your passwords ever leaves your device. Zxbase uses the well-known open-source package zxcvbn. Along with its evaluation algorithms, it includes a built-in database of 30,000 common password combinations. This is what allows Zxbase to check passwords locally, safely and privately.
Learn more about zxcvbn here: https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation