I have tried different password strength meters (password checkers), but they all give me different results when I test the same password, because each implements its own algorithm.

Is there some official standard or guideline that I can follow to build my own password strength meter?

If there is no official standard, what features should a good password strength meter check for?

+1  A: 

As far as I know there is no standard, as there are many definitions of what a good (i.e. strong) password should be.

Some things to consider:

  • Length - the longer the better
  • Mixed case
  • Includes numbers as well as characters
  • Includes non-alphanumeric characters
  • Isn't a dictionary word
  • Is a phrase

and so on

ChrisF
"Includes no alpha numeric characters"? You just said in the line before "Includes numbers as well as characters" which is alpha-numeric?
Kaleb Pederson
That was a typo. Fixed now.
ChrisF
A: 

I'd also add: doesn't include the username string, or even part of the username if it's a long one.

Daan
A: 

I'll throw another criterion in the ring:

  • No "keyboard walks"

Because so many people expect users to remember passwords that are difficult to remember, they resort to keyboard patterns to tame the madness. Throw in shifted versions for good measure.

Oh, and nothing on Twitter's forbidden password list, either.

John at CashCommons
A: 

There are a number of guidelines (google) that give guidance on what makes a strong password, most of which is common sense. At the end of the day you can apply your own policy (or Company policy if they have one) for what is strong and what is not and your decision would probably be influenced by what it is you are trying to protect.

As @jay said, I don't think standardising such a thing would be a wise practice!

http://net.tutsplus.com/tutorials/javascript-ajax/build-a-simple-password-strength-checker/

http://www.ibm.com/developerworks/lotus/library/ls-password_quality/index.html#N100F5

Thought this site was particularly good as it gives an idea of the algorithm they are applying and how they calculate strength.

http://www.passwordmeter.com/

David
+1  A: 

Consider the following:

  • Length
  • Mixed case
  • Not many repeated characters
  • Includes letters, numbers, and symbols
  • Does not include part of the username
  • Not similar to prior passwords
  • Does not hash to the same thing as a weak password
  • Is not a keyboard walk
  • Is not related to the individual
  • Does not end with common suffixes
  • Does not start with common prefixes

See Bruce Schneier's post on passwords as well as this post.

Kaleb Pederson
Great Schneier article. It is very useful. Thanks.
RRUZ
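The checks raised across the answers above (ChrisF's composition rules, Daan's username check, John's keyboard walks with shifted rows and a forbidden list, Kaleb Pederson's repeated characters, prior-password similarity and common prefixes/suffixes), combined into one rule-based checker. This is an added example, not code from the thread or from any of the linked sites. The dictionary, forbidden list and prefix/suffix lists are small constructed samples standing in for real lists, the key rows assume a US QWERTY layout, and the bit figure is the usual naive length * log2(charset) estimate, which is an upper bound on brute-force work and says nothing about dictionary or pattern attacks; the rule checks are what catch those.

```javascript
// Added example (not from the original thread): rule-based strength checker that
// applies the criteria raised in the answers. The word lists below are small
// constructed samples, not any real dictionary or deny list.
const DICTIONARY = new Set(["password", "welcome", "dragon", "monkey", "letmein"]);
const FORBIDDEN = new Set(["password", "123456", "qwerty", "abc123", "iloveyou"]);
const COMMON_PREFIXES = ["the", "my", "!"];
const COMMON_SUFFIXES = ["123", "1", "!", "2010"];

// Physical US QWERTY rows, plain and shifted, so "qwerty", "ASDFG" and "!@#$"
// all count as walks; reversed copies catch walks typed right-to-left.
const KEY_ROWS = [
  "`1234567890-=", "~!@#$%^&*()_+",
  "qwertyuiop[]\\", "QWERTYUIOP{}|",
  "asdfghjkl;'", "ASDFGHJKL:\"",
  "zxcvbnm,./", "ZXCVBNM<>?",
];
const WALK_ROWS = KEY_ROWS.flatMap(r => [r, r.split("").reverse().join("")]);

// Leet substitutions undone before the dictionary lookup ("P@ssw0rd" -> "password").
const LEET = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "$": "s", "@": "a", "7": "t" };

// Any window of minLen characters that runs along a keyboard row is a walk.
function hasKeyboardWalk(pw, minLen = 4) {
  for (let i = 0; i + minLen <= pw.length; i++) {
    const w = pw.slice(i, i + minLen);
    if (WALK_ROWS.some(row => row.includes(w) || row.includes(w.toLowerCase()))) return true;
  }
  return false;
}

// Lower-case, strip non-letters from both ends, undo leet, drop what is left.
function normalize(pw) {
  return pw.toLowerCase().replace(/^[^a-z]+|[^a-z]+$/g, "")
    .split("").map(c => LEET[c] || c).join("").replace(/[^a-z]/g, "");
}

// The whole username, or any fragLen-character slice of a long one.
function containsUsername(pw, username, fragLen = 4) {
  if (!username) return false;
  const p = pw.toLowerCase(), u = username.toLowerCase();
  if (u.length <= fragLen) return p.includes(u);
  for (let i = 0; i + fragLen <= u.length; i++) {
    if (p.includes(u.slice(i, i + fragLen))) return true;
  }
  return false;
}

const hasRepeatRun = pw => /(.)\1\1/.test(pw);  // three identical characters in a row

function hasCommonAffix(pw) {
  const p = pw.toLowerCase();
  return COMMON_PREFIXES.some(x => p.startsWith(x)) || COMMON_SUFFIXES.some(x => p.endsWith(x));
}

// Levenshtein distance (single-row form) for the "similar to a prior password" rule.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return row[b.length];
}

// Naive brute-force estimate: length * log2(size of the character classes used).
function entropyBits(pw) {
  let charset = 0;
  if (/[a-z]/.test(pw)) charset += 26;
  if (/[A-Z]/.test(pw)) charset += 26;
  if (/[0-9]/.test(pw)) charset += 10;
  if (/[^A-Za-z0-9]/.test(pw)) charset += 33;
  return charset ? Math.round(pw.length * Math.log2(charset)) : 0;
}

function checkPassword(pw, { username = "", priorPasswords = [] } = {}) {
  const issues = [];
  if (pw.length < 8) issues.push("shorter than 8 characters");
  if (!(/[a-z]/.test(pw) && /[A-Z]/.test(pw))) issues.push("not mixed case");
  if (!/[0-9]/.test(pw)) issues.push("no digits");
  if (!/[^A-Za-z0-9]/.test(pw)) issues.push("no symbols");
  if (FORBIDDEN.has(pw.toLowerCase())) issues.push("on forbidden list");
  if (DICTIONARY.has(normalize(pw))) issues.push("dictionary word");
  if (containsUsername(pw, username)) issues.push("contains username");
  if (hasKeyboardWalk(pw)) issues.push("keyboard walk");
  if (hasRepeatRun(pw)) issues.push("repeated characters");
  if (hasCommonAffix(pw)) issues.push("common prefix/suffix");
  if (priorPasswords.some(old => editDistance(old.toLowerCase(), pw.toLowerCase()) <= 2)) {
    issues.push("similar to a prior password");
  }
  const bits = entropyBits(pw);
  // Any failed rule is weak; otherwise the naive estimate separates medium from strong.
  const rating = issues.length ? "weak" : bits >= 60 ? "strong" : "medium";
  return { bits, issues, rating };
}
```

Calling `checkPassword("P@ssw0rd", { username: "alice" })` reports a single issue, "dictionary word", and rates the password weak even though it satisfies every composition rule and scores about 53 bits on the naive estimate; `checkPassword("qwerty123", { username: "bob" })` trips the keyboard-walk and common-suffix rules as well as the composition rules. The rating is deliberately conservative: one failed rule is enough for "weak", because each of the patterns above is cheap for an attacker to enumerate regardless of character-set size. A checker that wants to reward the "Is a phrase" item would waive the mixed-case, digit and symbol rules above some length rather than drop the dictionary and forbidden-list checks, which remain the part that catches guessable input.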