What This Checker Does
This intermediate meter does everything the Basic tier does, plus it checks whether the password (or a deobfuscated version of it) appears in a list of commonly-used passwords.
Scoring Rules
Composition (max 50 points) — Same as Basic: length contributes up to 25 points, character diversity up to 25 points.
Dictionary check (max 50 points) — If the password does NOT appear in the common password list (even after deobfuscation), it earns 50 points. If it's found as an exact match, it scores 0. If it's found only after leet-speak reversal, it scores 10 (partial credit for at least trying).
Leet Speak Deobfuscation
Before checking the dictionary, the meter reverses common character substitutions: @ → a, 3 → e, 1 or ! → i, 0 → o, $ or 5 → s, 7 or + → t. So P@$$w0rd becomes password and is flagged.
Trailing Junk Detection
The meter also strips trailing numbers and symbols before checking. So monkey123! is recognized as a variant of monkey from the common list.
Improvement Over Basic
The Basic tier rates Password1! as "Strong" (length 10, all 4 classes). This meter correctly identifies it as a common password and rates it "Very Weak."
Similarly, P@$$w0rd fools the Basic tier completely, but this meter deobfuscates it and catches it.
Remaining Weaknesses
This meter still can't detect keyboard walks (qwerty variants not in the list), sequential patterns (abcdefgh), or estimate actual entropy. It also doesn't know about date patterns or repeated characters.
A password like aaaaaaaaAAAA1! scores well here (long, diverse, not in dictionary) despite being trivially predictable.