Much user authentication in traditional systems relies on user-chosen passwords. The strength of a password in the face of a variety of attacks, from brute force to knowledge-based attacks, continues to be important to prevent unauthorized access of a user account or user data. Techniques that influence users in the strength of their chosen password include enforced password composition policy, lists of banned passwords, feedback on the strength of the password the user is choosing, and providing lists of generated (high-strength) passwords from which the user chooses a password. Most traditional mechanisms rely on restricting users. The feedback on the user's current password strength gives users some transparency into the strength of the choice they are currently making when compared to an algorithm for evaluating the strength of a password against brute force attacks, with the notion that they will chose to get their password to strong (or at least not weak). However, such feedback does not include context of the user community in which the password is used.