
Storing password strength information along with password

Çağlar Arlı


I'm working on an authentication system that uses passwords. I would like to follow modern NIST best practices with regard to password strength.

However, I also considered it may be nice to store some meta-data about the password, such as:

  • The length of the password that was chosen
  • Entropy score from zxcvbn

Having this information allows me to force users to pick better passwords if in the future best practices change, or if the company wants to impose better password rules.

Of course all this information can be checked during login too, but stats are also fun.

It occurred to me that knowing this information actually makes it easier to crack this password. My intuition is that therefore it's a bad idea to implement this.

My question here is: Is this intuition correct? Are there safe ways to do this, or should I just forget about it?
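
The login-time check mentioned in the question, as an added example that is not part of the original post: the stored record holds only a salt and hash, and the current policy is evaluated while the plaintext is in memory during a successful login. `MIN_LENGTH`, `Credential`, `enroll`, `meets_policy` and `login` are hypothetical names, and the scrypt parameters are illustrative assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumed policy value for this sketch; raise it when requirements change.
MIN_LENGTH = 12


@dataclass
class Credential:
    """What is persisted: salt and hash only, no length or strength score."""
    salt: bytes
    digest: bytes


def _derive(password: str, salt: bytes) -> bytes:
    # scrypt from the standard library; cost parameters are illustrative.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def enroll(password: str) -> Credential:
    salt = os.urandom(16)
    return Credential(salt, _derive(password, salt))


def meets_policy(password: str, min_length: int = MIN_LENGTH) -> bool:
    # Stand-in for a fuller check; a zxcvbn score could be evaluated here too.
    return len(password) >= min_length


def login(cred: Credential, attempt: str, min_length: int = MIN_LENGTH):
    """Return (authenticated, must_change).

    The policy decision is computed from the submitted plaintext and handed
    to the caller; it is never written next to the hash.
    """
    if not hmac.compare_digest(cred.digest, _derive(attempt, cred.salt)):
        return (False, False)
    return (True, not meets_policy(attempt, min_length))
```

A caller that receives `must_change=True` can route the user straight into a password change within the same session, so a tightened policy takes effect at each user's next login.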