Password Entropy

Last Update: Apr 28, 2021

This addon is 100% hooks based requiring no source edits to install.

Works with ElkArte: 1.0-1.1


This measures the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.

Unlike basic entropy checks which grades based on the set of symbols (a-zA-Z0-9etc) in potential use at each position, this goes further and takes in to account patterns that people will tend to follow and also compares entered passwords against a list of know common passwords that are in use and theretofore vulnerable to attacks.


  • Enable or disable the addon from the control panel
  • Require users to enter a password that meets a set threshold (good/strong/etc)
  • Show a strength meter on most pages where a password can be reset (profile, authentication, registration)
  • Hovering over the password meter will show the estimated time for a computer to crack a given password with a brute force attack


Download a package by URL

  • Download a package by URL is a quick way to download a package from the web to your forum. Using (Package Manager -> Download Package) enter the below link under the “Download a package by url” field and select Download. This will save the package to your server where you can install it.

Upload a Package

  • Alternatively, download the package using the below link and then using (Package Manager -> Upload Package) browse to where you saved the package on your computer and upload it to the server. You may also FTP the downloaded file directly to your packages directory.


This ElkArte Addon is subject to the terms of the Mozilla Public License version 1.1 (the “License”). You can obtain a copy of the License at

This addon uses the library which is released under the MIT License (MIT)