Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Password Strength Control

0.00/5 (No votes)
21 Feb 2010 2  
Determine the strength of a user entered password.

ChangePassword.png

Introduction

I am currently working on a number of small applications for personal use, all of which require a password to keep the data and application more secure. To ensure that I can only enter a strong password, I decided to create a password strength control which would display how strong the password is - like you get when signing up with lots of websites - where they say Weak, Good, Strong, or Very Strong. To this end, I looked on the Internet for any code, and I could not find much. I did find this website: http://www.passwordmeter.com/[^]. This website seems to me to have a good way of checking password strength, not just checking length or upper and lower case letters. This website also allows you to download the source for this, but it is in JavaScript, and I am writing a C# application, so I decided to use this method of checking the password strength and write my own implementation.

Below is a screenshot of the demo application I used to test the code. The actual PasswordStrengthControl is the brightly coloured box containing the word 'Good'. The table below contains the details of how the password is scored.

PasswordMeter

The Code

The code is split into a class to check the password (PasswordStrength.cs) and a UserControl class (PasswordStrengthControl.cs). There is nothing special about the code. The PasswordStrength class determines the password strength and allows the caller to get the strength as a value (0 to 100), a textual description (Very Weak, Weak, Good, Strong, Very Strong), and a DataTable containing the details of the reason for the score.

The scoring is split into two sections - Additions and Deductions.

Additions

In the additions section of the code, we add to the overall score for things which make the password 'good'. In my code, we check the following:

  • Score += (Password Length *4)
  • Score += ((Password Length - Number of Upper Case Letters)*2)
  • Score += ((Password Length - Number of Lower Case Letters)*2)
  • Score += (Number of Digits * 4)
  • Score += (Number of Symbols * 6)
  • Score += (Number of Digits or Symbols in the Middle of the Password) * 2
  • If (Number of Requirements Met > 3) then Score += (Number of Requirements Met * 2)

Requirements are:

  1. Password Length >= 8
  2. Contains Uppercase Letters (A-Z)
  3. Contains Lowercase Letters (a-z)
  4. Contains Digits (0-9)
  5. Contains Symbols (Char.IsSymbol(ch) or Char.IsPunctuation(ch))

Deductions

In the deductions section of the code, we subtract from the overall score for things which make the password 'weak'. In my code, we check the following:

  • IF Password is all letters THEN Score -= (Password length)
  • IF Password is all digits THEN Score -= (Password length)
  • IF Password has repeated characters THEN Score -= (Number of repeated characters * (Number of repeated characters -1)
  • IF Password has consecutive uppercase letters THEN Score -= (Number of consecutive uppercase characters * 2)
  • IF Password has consecutive lowercase letters THEN Score -= (Number of consecutive lowercase characters * 2)
  • IF Password has consecutive digits THEN Score -= (Number of consecutive digits * 2)
  • IF Password has sequential letters THEN Score -= (Number of sequential letters * 3) E.g.: ABCD or DCBA.
  • IF Password has sequential digits THEN Score -= (Number of sequential digits * 3) E.g.: 1234 or 4321.

Using the Code

Using the code could not be simpler. Add the PasswordStrength.cs file to your project, and then add the namespace to your using section. Then use the code below. All it does is to create a new object of type PasswordStrength, and then you set the password, and read back the score and other details as needed.

PasswordStrength pwdStrength = new PasswordStrength();
pwdStrength.SetPassword("PasswordUnderTest");
int score = pwdStrength.GetScore();
string ScoreDescription = pwdStrength.GetPasswordStrength();
DataTable dtScoreDetails=pwdStrength.GetStrengthDetails();

To use the user control, add the PasswordStrength.cs and PasswordStrengthControl.cs files to your project. Add the namespace to your using section, and build the code. Then, drag and drop the PasswordStrength control onto your Windows Form. In the code, you can call the SetPassword(string Password) method of the control. The control will update itself accordingly.

That is all there is to the code. It is not complex, but solves a small problem. You can use the code as you like, but please let me know if you do use the code.

History

  • 16th February, 2010: Initial post.
  • 20th February, 2010: Article text updated.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here