What is the evaluation criteria that a site uses for a password as strong , moderate or less secure

I have been in kind of jinx as to how a website decides on which password is highly vulnerable , strong etc . Lately my yahoo account was told to change password which I am using for long time as the website feels its vulnerable . I need to know how they measure up to this .