My first attempt at fixing this issue used the zxcvbn library, but although it encourages high-quality passwords, the results it produces are confusing without feedback about the rules that have been applied, which would have meant redesigning the UI. So I went with the simpler approach of counting the unique characters in the password, which produces clear results and follows the auditors' advice of putting more emphasis on password length and less on the types of characters used.
Closes #913 (closed)