Click here to Skip to main content
15,393,863 members
Articles / Web Development / HTML
Posted 18 Jun 2007


95 bookmarked

Google Password Strength API

Rate me:
Please Sign up or sign in to vote.
4.45/5 (17 votes)
9 Nov 2007CPOL3 min read
An ASP.NET control for the Google Password Strength API.

Screenshot - GooglePasswordStrength.gif


Do you have an iGoogle Account? Well, if you are like the rest of the world that use the Internet, you will have, which also means that you have seen the very cool (and useful) "Password strength" control.

This control has a very intelligent API to determine if the password you entered is any good. It is "intelligent" in the fact that it does not just check that you have a password that is larger than six characters; e.g., a password "aaaaaaaaaaaa" will come out as "Weak", "my password" as "Good", and "grty3657DF?£hr4" as (yes you guessed it!) "Strong".

The big secret is this is actually a public API from Google, to which you can pass a password and it will return the password strength from 1 (least secure) to 4 (most secure). You can view it here.

And here is the "but", there is no interface for the control and it is not openly advertised by Google.


When I found a use for such a control on a website I'm currently building, I first looked at the Microsoft AJAX Toolkit. At first, this worked great; however, I felt that the algorithm used was not as strong as the Google one, and I kept on getting JavaScript errors due to that control.

Bring on this control.

Using the code

The easiest way is to add a reference to the GooglePasswordStrength.dll, then add a section into the web.config:

        <add tagPrefix="google" namespace="GooglePasswordStrength" 

Then, add the control to your page, and attach it to an asp:TextBox.

        <td><asp:TextBox ID="txtPassword" runat="server" /></td>
        <td><google:PasswordStrength ID="PS" 
                CssClass="password" runat="server" /></td>

Points of interest

The control utilises AJAX, but does not require any third party AJAX library. However, if your application uses the Microsoft AJAX Library, the control invokes a Client Script Proxy that was written by Rick Strahl to handle all the client scripts.

Known issues

The XMLHttpRequest makes a call to the Google Password Strength API directly, so some browser settings may cause a "Permission Denied" error. This is because the XMLHttpRequest is making a call to a page outside of the local domain. In Microsoft Internet Explorer, you can change this setting under the Security Custom Level settings. Look for "Miscellaneous -> Access data sources across domains".

For a more robust, permanent solution, you will need to change the call to a page on the same domain and make a WebRequest to the Google API from there.


  1. In the GooglePasswordStrength.Web Project, create a new WebForm called GetPassword.aspx.
  2. In GetPassword.aspx, delete all the lines except the @Page directive line.
  3. Open GetPassword.aspx.cs.
  4. In the Page_Load method, add the following code:
  5. C#
    string passwd = Request.QueryString["Passwd"];
    string GUrl = string.Format("" + 
                  "accounts/RatePassword?Passwd={0}", passwd);
    WebRequest webRequest = WebRequest.Create(GUrl);
    WebResponse webResponse = webRequest.GetResponse();
    StreamReader reader = new StreamReader(webResponse.GetResponseStream());
  6. Open PasswordStrength.js.
  7. On line 76, there is the method. Replace "" with "GetPassword.aspx?Passwd=".
  8. Also, in the PasswordStrength.js file, replace all instances of "innerText" with "innerHTML" (I later found out that innerText is IE only).

Now, the XmlHttpRequestObject will make a call to a file on the same domain, and you will no longer get the security error.


  • November 2007 - Added a second demo, which uses the updated code above.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Roger Chapman
Software Developer (Senior) Storm ID Ltd.
United Kingdom United Kingdom
No Biography provided

Comments and Discussions

QuestionUrl is Unavailable Pin
GerVenson16-Aug-17 6:13
professionalGerVenson16-Aug-17 6:13 
Questionsir i am using this in mvc4 razor view engine Pin
Member 1189843627-Oct-15 0:22
MemberMember 1189843627-Oct-15 0:22 
QuestionUse this API with Winforms Pin
MTeefy18-May-15 3:50
MemberMTeefy18-May-15 3:50 
Generalfacing a problem in running ur demo.. Pin
Jai P30-Nov-10 18:47
MemberJai P30-Nov-10 18:47 
QuestionDoes PasswordStrength Control have Multilingual support ? Pin
Xig from India18-Nov-09 18:08
MemberXig from India18-Nov-09 18:08 
GeneralProblem when the control is invisible on page load Pin
dc9917-Apr-09 1:40
Memberdc9917-Apr-09 1:40 
GeneralProblem using Login and CreateUserWizard controls Pin
Member 125823623-Jan-09 4:45
MemberMember 125823623-Jan-09 4:45 
GeneralCannot register the DLL Pin
Bhavna Vij6-Aug-08 3:35
MemberBhavna Vij6-Aug-08 3:35 
GeneralRe: Cannot register the DLL Pin
Roger Chapman6-Aug-08 5:16
MemberRoger Chapman6-Aug-08 5:16 
QuestionOk, I am doing some things incorrectly obvioulsy... Pin
topdog5018-Jul-08 10:31
Membertopdog5018-Jul-08 10:31 
AnswerRe: Ok, I am doing some things incorrectly obvioulsy... Pin
Roger Chapman20-Jul-08 22:27
MemberRoger Chapman20-Jul-08 22:27 
QuestionChecking the strength Pin
wes lowe19-Jun-08 3:55
Memberwes lowe19-Jun-08 3:55 
AnswerRe: Checking the strength Pin
Roger Chapman19-Jun-08 4:05
MemberRoger Chapman19-Jun-08 4:05 
QuestionRe: Checking the strength Pin
wes lowe19-Jun-08 4:42
Memberwes lowe19-Jun-08 4:42 
AnswerRe: Checking the strength Pin
Roger Chapman19-Jun-08 4:55
MemberRoger Chapman19-Jun-08 4:55 
GeneralRe: Checking the strength Pin
wes lowe19-Jun-08 5:26
Memberwes lowe19-Jun-08 5:26 
GeneralHave a bug.. Pin
rodrigosor10-Jun-08 16:33
Memberrodrigosor10-Jun-08 16:33 
AnswerRe: Have a bug.. Pin
Roger Chapman10-Jun-08 22:13
MemberRoger Chapman10-Jun-08 22:13 
GeneralGoogle Password Strength API - demo2 not working Pin
Leelavathy22-May-08 5:14
MemberLeelavathy22-May-08 5:14 
AnswerRe: Google Password Strength API - demo2 not working Pin
Roger Chapman22-May-08 5:25
MemberRoger Chapman22-May-08 5:25 
GeneralRe: Google Password Strength API - demo2 not working Pin
Leelavathy23-May-08 4:49
MemberLeelavathy23-May-08 4:49 
AnswerRe: Google Password Strength API - demo2 not working Pin
Roger Chapman23-May-08 6:26
MemberRoger Chapman23-May-08 6:26 
Questioni could not run your control Pin
Ehsan Golkar28-Sep-07 2:20
MemberEhsan Golkar28-Sep-07 2:20 
AnswerRe: i could not run your control Pin
Roger Chapman28-Sep-07 2:26
MemberRoger Chapman28-Sep-07 2:26 
GeneralRe: i could not run your control Pin
Ehsan Golkar28-Sep-07 9:55
MemberEhsan Golkar28-Sep-07 9:55 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.