Password strength estimator produces poor results
The estimates produced by the password strength estimator don't correspond to people's expectations.
The estimate is based on a combination of the number of unique characters and the classes those characters are drawn from (lowercase, uppercase, digits and other). We should consider either using a simpler formula - for example, just the length of the password - or a proven formula such as zxcvbn (https://github.com/dropbox/zxcvbn).
This was also reported by a user in a recent test.