Click here to Skip to main content
Click here to Skip to main content

Password Strength Control

, 21 Feb 2010 CPOL
Rate this:
Please Sign up or sign in to vote.
Determine the strength of a user entered password.



I am currently working on a number of small applications for personal use, all of which require a password to keep the data and application more secure. To ensure that I can only enter a strong password, I decided to create a password strength control which would display how strong the password is - like you get when signing up with lots of websites - where they say Weak, Good, Strong, or Very Strong. To this end, I looked on the Internet for any code, and I could not find much. I did find this website:[^]. This website seems to me to have a good way of checking password strength, not just checking length or upper and lower case letters. This website also allows you to download the source for this, but it is in JavaScript, and I am writing a C# application, so I decided to use this method of checking the password strength and write my own implementation.

Below is a screenshot of the demo application I used to test the code. The actual PasswordStrengthControl is the brightly coloured box containing the word 'Good'. The table below contains the details of how the password is scored.


The Code

The code is split into a class to check the password (PasswordStrength.cs) and a UserControl class (PasswordStrengthControl.cs). There is nothing special about the code. The PasswordStrength class determines the password strength and allows the caller to get the strength as a value (0 to 100), a textual description (Very Weak, Weak, Good, Strong, Very Strong), and a DataTable containing the details of the reason for the score.

The scoring is split into two sections - Additions and Deductions.


In the additions section of the code, we add to the overall score for things which make the password 'good'. In my code, we check the following:

  • Score += (Password Length *4)
  • Score += ((Password Length - Number of Upper Case Letters)*2)
  • Score += ((Password Length - Number of Lower Case Letters)*2)
  • Score += (Number of Digits * 4)
  • Score += (Number of Symbols * 6)
  • Score += (Number of Digits or Symbols in the Middle of the Password) * 2
  • If (Number of Requirements Met > 3) then Score += (Number of Requirements Met * 2)

Requirements are:

  1. Password Length >= 8
  2. Contains Uppercase Letters (A-Z)
  3. Contains Lowercase Letters (a-z)
  4. Contains Digits (0-9)
  5. Contains Symbols (Char.IsSymbol(ch) or Char.IsPunctuation(ch))


In the deductions section of the code, we subtract from the overall score for things which make the password 'weak'. In my code, we check the following:

  • IF Password is all letters THEN Score -= (Password length)
  • IF Password is all digits THEN Score -= (Password length)
  • IF Password has repeated characters THEN Score -= (Number of repeated characters * (Number of repeated characters -1)
  • IF Password has consecutive uppercase letters THEN Score -= (Number of consecutive uppercase characters * 2)
  • IF Password has consecutive lowercase letters THEN Score -= (Number of consecutive lowercase characters * 2)
  • IF Password has consecutive digits THEN Score -= (Number of consecutive digits * 2)
  • IF Password has sequential letters THEN Score -= (Number of sequential letters * 3) E.g.: ABCD or DCBA.
  • IF Password has sequential digits THEN Score -= (Number of sequential digits * 3) E.g.: 1234 or 4321.

Using the Code

Using the code could not be simpler. Add the PasswordStrength.cs file to your project, and then add the namespace to your using section. Then use the code below. All it does is to create a new object of type PasswordStrength, and then you set the password, and read back the score and other details as needed.

PasswordStrength pwdStrength = new PasswordStrength();
int score = pwdStrength.GetScore();
string ScoreDescription = pwdStrength.GetPasswordStrength();
DataTable dtScoreDetails=pwdStrength.GetStrengthDetails();

To use the user control, add the PasswordStrength.cs and PasswordStrengthControl.cs files to your project. Add the namespace to your using section, and build the code. Then, drag and drop the PasswordStrength control onto your Windows Form. In the code, you can call the SetPassword(string Password) method of the control. The control will update itself accordingly.

That is all there is to the code. It is not complex, but solves a small problem. You can use the code as you like, but please let me know if you do use the code.


  • 16th February, 2010: Initial post.
  • 20th February, 2010: Article text updated.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Peter Tewkesbury
Software Developer (Senior)
United Kingdom United Kingdom
Hi, I am a developer working in Cheshire, England. I started programming on a Vic-20 back in the 80's with only 5K of ram), and I have not looked back since. I have developed software using Visual C/C++, C#/.NET, MFC, ATL & ASP.NET, SQL Server, Crystal Reports, DevExpress .NET Components, WinForms, SQL Server client side reporting.
My favourite language is C# on .NET V3.5 and I am always trying to learn new stuff like LINQ.

Comments and Discussions

GeneralMy vote of 5 PinmemberMember 104784065-Dec-14 8:16 
GeneralRe: My vote of 5 PinmemberPeter Tewkesbury6-Dec-14 5:32 
GeneralMy vote of 5 PinmemberHüseyin Sekmenoğlu18-Jan-13 23:40 
GeneralRe: My vote of 5 PinmemberPeter Tewkesbury6-Dec-14 5:32 
QuestionCannot open this project in VS 2008 or VS 2010. Is a newer version available? Pinmemberjroughgarden12-Sep-12 13:37 
AnswerRe: Cannot open this project in VS 2008 or VS 2010. Is a newer version available? PinmemberPeter Tewkesbury12-Sep-12 22:46 
GeneralObectivated version Pinmemberodahan30-Jul-10 19:34 
GeneralRe: Obectivated version PinmemberPeter Tewkesbury30-Jul-10 23:25 
GeneralRe: Obectivated version Pinmemberodahan31-Jul-10 8:13 
GeneralMy vote of 2 Pinmembercariolihome23-Feb-10 11:23 
GeneralRe: My vote of 2 PinmemberPeter Tewkesbury30-Jul-10 23:28 
Generalkeepass has a very good implementation PinmemberUnruled Boy22-Feb-10 5:06 
GeneralRe: keepass has a very good implementation PinmemberPeter Tewkesbury30-Jul-10 23:35 
GeneralBuggy Pinmemberxliqz22-Feb-10 0:02 
I like the idea, but it is buggy.
For example:
z8s7f63uj2l2js shows 62% strongness, but when you add one 's' it drops to 0% Very Weak.
Could also add some heurestics for such combos as q1w2e3r4t5 et cera.
So 1w2e3r4t5y6u7 shows up as 100% Very Strong, but smashing the keyb randomly most of the time gives me 0-40%..
GeneralRe: Buggy PinmemberPeter Tewkesbury30-Jul-10 23:34 
GeneralRe: Buggy [modified] Pinmemberjtitley20-Jun-11 22:51 
GeneralWow! PinmemberAnt210017-Feb-10 13:56 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150327.1 | Last Updated 21 Feb 2010
Article Copyright 2010 by Peter Tewkesbury
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid