Ask HN: How are you checking password strength on the client?

Simple length checkers and regular expressions. Only do it as a convenience, and perform all validation on the server as if no checks were performed on the client, as they might not have been.