One of the barriers to good password practices is that people get frustrated while trying to choose a password that meets all the requirements of the system. Most password-change dialog boxes don't provide much help. They usually require the password to be entered twice before it can be checked for compliance, and if it fails, there is often no clear indication of what must be changed to comply.
What if the system gave real-time feedback while the new password was being created? I'm working on a project to do exactly that. PasswordCoach watches each character of the new password as you type it, visually checks off each requirement as it is met, and provides interactive hints. When you're typing the password a second time for confirmation, if you mistype a single character the hint text will tell you right away so you can fix it. A graphical password-strength meter shows a rating of how crack-resistant your new password will be.
I hope to use this code as part of a scripted account-migration process during an upcoming server upgrade at my company. If you'd like to check out this work-in-process, I would welcome any feedback. You can
download a self-contained demo that allows you to test the interactive features without actually changing any passwords, or you can
grab the source code (AutoIt3 script) and modify it for your own purposes. Let me know if you find it useful.
