The meter


You have probably noticed that we’ve added a password strength meter to login entries in our vault.

Similar to many existing password strength meters, it evaluates the strength of the password based on its length, the presence of numbers, lowercase and uppercase characters, etc.

It also rates passwords that contain common patterns or names as weak.

Try typing the word password, and you’ll see the evaluation jump from ‘Very weak’ to ‘Weak’ and then return to ‘Very weak’.


Zxcvbn


So how do we do it? Is there any query against an online database?

Don’t fear, not a single piece of information about your password leaves your device. Zxbase uses a well-known open-source package called zxcvbn. In addition to its evaluation algorithms, it contains a built-in database of 30,000 common combinations. That’s what allows us to check passwords locally.
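
The dictionary effect described above, as an added example (not Zxbase's or zxcvbn's code): a simplified local estimator that takes the lower of a brute-force guess count and a common-word rank. The five-word list, the thresholds and the function names are constructed for illustration, so its scores will not match the real meter's labels exactly.

```javascript
// Simplified model of dictionary-aware strength estimation.
// Everything runs in-process: no network call, no external lookup.
// Constructed sample list; a word's rank is its position + 1.
const COMMON = ['123456', 'password', 'qwerty', 'dragon', 'letmein'];

// Size of the alphabet an attacker must cover to brute-force this password.
function charsetSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/[0-9]/.test(pw)) n += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) n += 33;
  return n;
}

// Estimated guesses: the cheapest of brute force and any dictionary match.
function estimateGuesses(pw) {
  if (pw.length === 0) return 0;
  const size = charsetSize(pw);
  let best = Math.pow(size, pw.length); // pure brute force
  const lower = pw.toLowerCase();
  COMMON.forEach((word, i) => {
    if (!lower.includes(word)) return;
    // Try the common word first, then brute-force only the leftover characters.
    const guesses = (i + 1) * Math.pow(size, pw.length - word.length);
    best = Math.min(best, guesses);
  });
  return best;
}

// Map a guess count to a 0..4 score (illustrative thresholds).
function score(pw) {
  const g = estimateGuesses(pw);
  if (g < 1e3) return 0;
  if (g < 1e6) return 1;
  if (g < 1e8) return 2;
  if (g < 1e10) return 3;
  return 4;
}

// Score after each keystroke, as a meter would show while the user types.
function typingTrace(pw) {
  return Array.from(pw, (_, i) => score(pw.slice(0, i + 1)));
}

console.log(typingTrace('password').join(' '));
```

The score climbs while the prefix still looks random and collapses to 0 on the last keystroke, once the whole string matches a listed word.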

More on zxcvbn here: https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation