Add a password entropy meter

[jlbooker]

Add a password entropy meter to Users. Calculate the zero-order entropy of the string, and give the user a poor/weak/good/strong/secure rating.

Also, use a list of the top 100,000 most common passwords and ban them, as it doesn't matter how much entropy your password has if it's the word "password".

References:

• https://www.grc.com/haystack.htm
• http://arstechnica.com/security/2013/05/its-official-password-strength-meters-arent-security-theater/
• http://en.wikipedia.org/wiki/Entropy_%28information_theory%29
• http://blog.shay.co/password-entropy/

┆Issue is synchronized with this Asana task

[hrvbid]

yes, password quality is an important matter. But some side effects can help on that way, like a small max count of invalid login attempts to lock (some time/permanant) a user account, for example. Also a possible login addon could be to generate multiple passwords assigned for one user (where one is valid only for the real user and the others lead the logged in individual to what hell ever).