# dropbox/zxcvbn

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/dropbox-zxcvbn).**

15,992 stars · 998 forks · CoffeeScript · MIT

## Links

- GitHub: https://github.com/dropbox/zxcvbn
- awesome-repositories: https://awesome-repositories.com/repository/dropbox-zxcvbn.md

## Description

zxcvbn is a password strength estimator and entropy analyzer designed to evaluate the complexity of passwords. It calculates the time and effort required to crack a password by identifying common sequences and analyzing predictable vocabulary.

The tool functions as a pattern-based security validator that reduces strength scores for inputs containing personal information or strings from custom vocabulary lists. It employs a probabilistic guessing model to simulate cracking strategies, prioritizing common patterns and words over random character combinations.

The system covers security workflows for credential validation and authentication auditing, utilizing dictionary-based pattern matching and heuristic sequence detection to prevent weak security choices during account registration or updates.

## Tags

### Security & Cryptography

- [Password Entropy Analyzers](https://awesome-repositories.com/f/security-cryptography/password-entropy-analyzers.md) — Evaluates the complexity of passwords by identifying common sequences and predictable vocabulary.
- [Dictionary-Based Pattern Matching](https://awesome-repositories.com/f/security-cryptography/dictionary-based-pattern-matching.md) — Compares input strings against large lists of common words and leaked passwords to detect non-random sequences.
- [Password Complexity Validation](https://awesome-repositories.com/f/security-cryptography/password-complexity-validation.md) — Checks passwords against predictable patterns and personal information to prevent weak security choices.
- [Strength Analyzers](https://awesome-repositories.com/f/security-cryptography/password-management/strength-analyzers.md) — Calculates the time required to crack a password by analyzing patterns and comparing them against common word lists.
- [Cracking Strategy Simulation](https://awesome-repositories.com/f/security-cryptography/cracking-strategy-simulation.md) — Simulates a cracker's strategy by prioritizing common patterns and common words over random character combinations.
- [Custom Vocabulary Penalties](https://awesome-repositories.com/f/security-cryptography/custom-vocabulary-penalties.md) — Reduces password strength scores when inputs contain specific user-provided strings or domain-specific terminology.
- [Keyboard Pattern Detection](https://awesome-repositories.com/f/security-cryptography/keyboard-pattern-detection.md) — Identifies predictable keyboard patterns and repeated character sequences to lower the perceived strength of a password.
- [Pattern-Based Security Validators](https://awesome-repositories.com/f/security-cryptography/pattern-based-security-validators.md) — Reduces strength scores for passwords containing personal information or predictable strings.
- [Personal Information Penalties](https://awesome-repositories.com/f/security-cryptography/personal-information-penalties.md) — Reduces password strength scores when they contain user-specific strings or predictable vocabulary from a custom list. ([source](https://cdn.jsdelivr.net/gh/dropbox/zxcvbn@main/README.md))
- [Account Security Policies](https://awesome-repositories.com/f/security-cryptography/user-account-management/account-security-policies.md) — Ensures users create complex and secure passwords during registration or profile updates via security policy enforcement.

### Education & Learning Resources

- [Entropy Calculators](https://awesome-repositories.com/f/education-learning-resources/technical-domain-education/technical-academic-domains/theoretical-cs-foundations/information-theory/entropy-calculators.md) — Uses mathematical models to measure uncertainty and randomness to estimate the time needed for brute force attacks.

### Part of an Awesome List

- [Password Security Auditing](https://awesome-repositories.com/f/awesome-lists/security/password-cracking/password-security-auditing.md) — Analyzes the strength of stored passwords to identify accounts that need to be updated.
- [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — Library for estimating password strength.