Click here to Skip to main content
15,867,686 members
Articles / Desktop Programming / Windows Forms

Password Strength Control

Rate me:
Please Sign up or sign in to vote.
4.76/5 (26 votes)
21 Feb 2010CPOL4 min read 103.9K   6.6K   103   22
Determine the strength of a user entered password.

ChangePassword.png

Introduction

I am currently working on a number of small applications for personal use, all of which require a password to keep the data and application more secure. To ensure that I can only enter a strong password, I decided to create a password strength control which would display how strong the password is - like you get when signing up with lots of websites - where they say Weak, Good, Strong, or Very Strong. To this end, I looked on the Internet for any code, and I could not find much. I did find this website: http://www.passwordmeter.com/[^]. This website seems to me to have a good way of checking password strength, not just checking length or upper and lower case letters. This website also allows you to download the source for this, but it is in JavaScript, and I am writing a C# application, so I decided to use this method of checking the password strength and write my own implementation.

Below is a screenshot of the demo application I used to test the code. The actual PasswordStrengthControl is the brightly coloured box containing the word 'Good'. The table below contains the details of how the password is scored.

PasswordMeter

The Code

The code is split into a class to check the password (PasswordStrength.cs) and a UserControl class (PasswordStrengthControl.cs). There is nothing special about the code. The PasswordStrength class determines the password strength and allows the caller to get the strength as a value (0 to 100), a textual description (Very Weak, Weak, Good, Strong, Very Strong), and a DataTable containing the details of the reason for the score.

The scoring is split into two sections - Additions and Deductions.

Additions

In the additions section of the code, we add to the overall score for things which make the password 'good'. In my code, we check the following:

  • Score += (Password Length *4)
  • Score += ((Password Length - Number of Upper Case Letters)*2)
  • Score += ((Password Length - Number of Lower Case Letters)*2)
  • Score += (Number of Digits * 4)
  • Score += (Number of Symbols * 6)
  • Score += (Number of Digits or Symbols in the Middle of the Password) * 2
  • If (Number of Requirements Met > 3) then Score += (Number of Requirements Met * 2)

Requirements are:

  1. Password Length >= 8
  2. Contains Uppercase Letters (A-Z)
  3. Contains Lowercase Letters (a-z)
  4. Contains Digits (0-9)
  5. Contains Symbols (Char.IsSymbol(ch) or Char.IsPunctuation(ch))

Deductions

In the deductions section of the code, we subtract from the overall score for things which make the password 'weak'. In my code, we check the following:

  • IF Password is all letters THEN Score -= (Password length)
  • IF Password is all digits THEN Score -= (Password length)
  • IF Password has repeated characters THEN Score -= (Number of repeated characters * (Number of repeated characters -1)
  • IF Password has consecutive uppercase letters THEN Score -= (Number of consecutive uppercase characters * 2)
  • IF Password has consecutive lowercase letters THEN Score -= (Number of consecutive lowercase characters * 2)
  • IF Password has consecutive digits THEN Score -= (Number of consecutive digits * 2)
  • IF Password has sequential letters THEN Score -= (Number of sequential letters * 3) E.g.: ABCD or DCBA.
  • IF Password has sequential digits THEN Score -= (Number of sequential digits * 3) E.g.: 1234 or 4321.

Using the Code

Using the code could not be simpler. Add the PasswordStrength.cs file to your project, and then add the namespace to your using section. Then use the code below. All it does is to create a new object of type PasswordStrength, and then you set the password, and read back the score and other details as needed.

C#
PasswordStrength pwdStrength = new PasswordStrength();
pwdStrength.SetPassword("PasswordUnderTest");
int score = pwdStrength.GetScore();
string ScoreDescription = pwdStrength.GetPasswordStrength();
DataTable dtScoreDetails=pwdStrength.GetStrengthDetails();

To use the user control, add the PasswordStrength.cs and PasswordStrengthControl.cs files to your project. Add the namespace to your using section, and build the code. Then, drag and drop the PasswordStrength control onto your Windows Form. In the code, you can call the SetPassword(string Password) method of the control. The control will update itself accordingly.

That is all there is to the code. It is not complex, but solves a small problem. You can use the code as you like, but please let me know if you do use the code.

History

  • 16th February, 2010: Initial post.
  • 20th February, 2010: Article text updated.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer (Senior)
United Kingdom United Kingdom
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
Praise+5 Pin
Joezer BH3-Jun-18 3:31
professionalJoezer BH3-Jun-18 3:31 
PraiseThanks for providing this! Pin
GeoDosch18-Nov-17 3:56
GeoDosch18-Nov-17 3:56 
Questiongreat! Pin
anders k9-May-16 6:31
anders k9-May-16 6:31 
GeneralMy vote of 5 Pin
JayantaChatterjee19-Apr-15 23:36
professionalJayantaChatterjee19-Apr-15 23:36 
GeneralMy vote of 5 Pin
Member 104784065-Dec-14 7:16
Member 104784065-Dec-14 7:16 
GeneralRe: My vote of 5 Pin
Peter Tewkesbury6-Dec-14 4:32
professionalPeter Tewkesbury6-Dec-14 4:32 
GeneralMy vote of 5 Pin
Hüseyin Sekmenoğlu18-Jan-13 22:40
Hüseyin Sekmenoğlu18-Jan-13 22:40 
GeneralRe: My vote of 5 Pin
Peter Tewkesbury6-Dec-14 4:32
professionalPeter Tewkesbury6-Dec-14 4:32 
QuestionCannot open this project in VS 2008 or VS 2010. Is a newer version available? Pin
jroughgarden12-Sep-12 12:37
jroughgarden12-Sep-12 12:37 
AnswerRe: Cannot open this project in VS 2008 or VS 2010. Is a newer version available? Pin
Peter Tewkesbury12-Sep-12 21:46
professionalPeter Tewkesbury12-Sep-12 21:46 
GeneralObectivated version Pin
KNH Prod30-Jul-10 18:34
KNH Prod30-Jul-10 18:34 
GeneralRe: Obectivated version Pin
Peter Tewkesbury30-Jul-10 22:25
professionalPeter Tewkesbury30-Jul-10 22:25 
GeneralRe: Obectivated version Pin
KNH Prod31-Jul-10 7:13
KNH Prod31-Jul-10 7:13 
PraiseRe: Obectivated version Pin
Joezer BH3-Jun-18 3:30
professionalJoezer BH3-Jun-18 3:30 
GeneralMy vote of 2 Pin
cariolihome23-Feb-10 10:23
cariolihome23-Feb-10 10:23 
GeneralRe: My vote of 2 Pin
Peter Tewkesbury30-Jul-10 22:28
professionalPeter Tewkesbury30-Jul-10 22:28 
Generalkeepass has a very good implementation Pin
Huisheng Chen22-Feb-10 4:06
Huisheng Chen22-Feb-10 4:06 
GeneralRe: keepass has a very good implementation Pin
Peter Tewkesbury30-Jul-10 22:35
professionalPeter Tewkesbury30-Jul-10 22:35 
GeneralBuggy Pin
xliqz21-Feb-10 23:02
xliqz21-Feb-10 23:02 
GeneralRe: Buggy Pin
Peter Tewkesbury30-Jul-10 22:34
professionalPeter Tewkesbury30-Jul-10 22:34 
GeneralRe: Buggy Pin
jtitley20-Jun-11 21:51
jtitley20-Jun-11 21:51 
GeneralWow! Pin
Anthony Daly17-Feb-10 12:56
Anthony Daly17-Feb-10 12:56 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.