The currently entered password in the password field is measured on an often horizontal scale from none to max security. If the password is weak then only a small portion of the horizontal bar is highlighted, and oppositely if the password is strong then a larger portion of the horizontal bar is highlighted.
The password strength is also appropriately indicated by coloring the bar in a color associative with good or bad: Green indicating a strong password and red indicating a weak password.
How strong a password?
The definition of a strong password can be intensely argued. A forced complex password at first glance only spells increased security, but forcing too complex and rigid rules on the complexity of a chosen password can have the opposite effect. As passwords are forced to be complex, they also become increasingly harder to remember by the user. This occasionally leads to a self-destruction of the increased security, as some users in order to remember their new complex password simply write it down on a small sticky note and paste it up on their screen. This is especially a problem in places with the policy of forced password renewal every 3 months.
What is a strong password?
With the above mentioned in mind, I should stress that a sufficiently strong password does not necessarily need to fulfill all of the rules below, but merely a few will do. Consider the following rules to each add an extra point in how strong the password is (so that 0 point is the weakest, and 5 is the strongest). UI-patterns.com defines a strong password when it…:
This would result in 6 levels of password strength depending on how many of the above mentioned criteria are being met.
Choosing an appropriate level of password strength
You need to choose how strong a password is needed for what you want to protect. You need to draw the line somewhere. For 99% of the content out there it can easily be argued that merely the first 2 or 3 of the first mentioned rules will be sufficient.
General guidelines on choosing a password
By showing a password strength meter beside the password field, the user is forced to consider using a password with an appropriate strength. By putting a minimum level of password strength you can even use the password strength meter to force a heightened security to your website.
Using a password strength indicator on the website, another level of security is added to the site. This not only makes the current users of the site feel more secure, but potential clients might use this as a requisite when deciding to conduct business with a company.