What are the criteria Boardmaker Online uses to determine if a password is strong enough?

Following the guidelines required by NIST SP 800-63B  the following requirements have be placed on passwords for Tobii Dynavox Single Sign On accounts.

• 8 character minimum
• Cannot be present on a list consisting of passwords from previous public security breaches, commonly used dictionary words and repetitive or sequential characters. An open source framework (zxcvbn ) is used to score passwords based on these criteria.
• Guidance is offered to the user, in the form of a strength meter & text explaining the reasoning for a password's rejection.

Using zxcvbn, passwords scored as "Not Secure" or "Weak" if they use any of the following:

• common dictionary words
• common names and surnames
• common dates
• straight rows or short keyboard patterns
• sequential characters like "aaa" or repeating characters like "abcabcabc"
• predictable substitutions like '@' instead of 'a' or uppercase letters do not exclude a password from the restrictions

References
NIST.SP.800-63b (Authentication and Lifecycle Management).pdf
zxcvbn: Low-Budget Password Strength by Estimation Daniel Lowe Wheeler, Dropbox Inc.