Below is a screenshot of the demo application I used to test the code. The actual
PasswordStrengthControl is the brightly coloured box containing the word 'Good'. The table below contains the details of how the password is scored.
The code is split into a class to check the password (PasswordStrength.cs) and a
UserControl class (PasswordStrengthControl.cs). There is nothing special about the code. The
PasswordStrength class determines the password strength and allows the caller to get the strength as a value (0 to 100), a textual description (Very Weak, Weak, Good, Strong, Very Strong), and a
DataTable containing the details of the reason for the score.
The scoring is split into two sections - Additions and Deductions.
In the additions section of the code, we add to the overall score for things which make the password 'good'. In my code, we check the following:
- Score += (Password Length *4)
- Score += ((Password Length - Number of Upper Case Letters)*2)
- Score += ((Password Length - Number of Lower Case Letters)*2)
- Score += (Number of Digits * 4)
- Score += (Number of Symbols * 6)
- Score += (Number of Digits or Symbols in the Middle of the Password) * 2
- If (Number of Requirements Met > 3) then Score += (Number of Requirements Met * 2)
- Password Length >= 8
- Contains Uppercase Letters (A-Z)
- Contains Lowercase Letters (a-z)
- Contains Digits (0-9)
- Contains Symbols (
In the deductions section of the code, we subtract from the overall score for things which make the password 'weak'. In my code, we check the following:
- IF Password is all letters THEN Score -= (Password length)
- IF Password is all digits THEN Score -= (Password length)
- IF Password has repeated characters THEN Score -= (Number of repeated characters * (Number of repeated characters -1)
- IF Password has consecutive uppercase letters THEN Score -= (Number of consecutive uppercase characters * 2)
- IF Password has consecutive lowercase letters THEN Score -= (Number of consecutive lowercase characters * 2)
- IF Password has consecutive digits THEN Score -= (Number of consecutive digits * 2)
- IF Password has sequential letters THEN Score -= (Number of sequential letters * 3) E.g.: ABCD or DCBA.
- IF Password has sequential digits THEN Score -= (Number of sequential digits * 3) E.g.: 1234 or 4321.
Using the Code
Using the code could not be simpler. Add the PasswordStrength.cs file to your project, and then add the namespace to your
using section. Then use the code below. All it does is to create a new object of type
PasswordStrength, and then you set the password, and read back the score and other details as needed.
PasswordStrength pwdStrength = new PasswordStrength();
int score = pwdStrength.GetScore();
string ScoreDescription = pwdStrength.GetPasswordStrength();
To use the user control, add the PasswordStrength.cs and PasswordStrengthControl.cs files to your project. Add the namespace to your
using section, and build the code. Then, drag and drop the
PasswordStrength control onto your Windows Form. In the code, you can call the
SetPassword(string Password) method of the control. The control will update itself accordingly.
That is all there is to the code. It is not complex, but solves a small problem. You can use the code as you like, but please let me know if you do use the code.
- 16th February, 2010: Initial post.
- 20th February, 2010: Article text updated.