I’d rather you had a warning sign triangle that points out obvious mistakes:
Your password is reused. If any site is hacked, all other accounts are compromised. Click for details
This password is less than 6 characters and is simply too short to be secure
Exclamation mark is the most used symbol in passwords
This is a known password and will be cracked instantly by any competent attacker
Please don’t use numbers that are dates or years
I can see the weakness in this, if my third attempt has a yellow sign, I shall simply ignore it. But at least it provides feedback I can act on rather than “weak” which is as useful as a damp rag.
I hate to say it, but after upgrading my gf’s passwords, I noticed 2 things:
a) basically nobody uses passwords for security, everyone is on 2factor cause people and passwords are not a good match, which is because:
b) she used Maria.1997 (not real name, not real date) as passwords and basically all websites gave her the thumbs up (10 chars, upper lower, symbols, numbers not in sequence). Anyone who knows how cracking works knows exactly how strong that is and all the indicators did was to give her a false sense of security.
My friend at work also uses this kind of passwords and he keeps getting inundated with 2FA requests for 1-2 days till the hackers get banned by Google. I keep telling him to change it and eventually gave in, and it all stopped,
And they all have the green light from a password strength guesser. And they are all variation on name and birth year.