Add a Password Strength indicator,
mark tomlinson
2011-02-15
How does this sound as a basic algorithm?
Password Strength Algorithm:
Password Length:
5 Points: Less than 4 characters
10 Points: 5 to 7 characters
25 Points: 8 or more
Letters:
0 Points: No letters
10 Points: Letters are all lower case
20 Points: Letters are upper case and lower case
Numbers:
0 Points: No numbers
10 Points: 1 number
20 Points: 3 or more numbers
Characters:
0 Points: No characters
10 Points: 1 character
25 Points: More than 1 character
Bonus:
2 Points: Letters and numbers
3 Points: Letters, numbers, and characters
5 Points: Mixed case letters, numbers, and characters
Password Text Range:
>= 90: Very Secure
>= 80: Secure
>= 70: Very Strong
>= 60: Strong
>= 50: Average
>= 25: Weak
>= 0: Very Weak
Mirko
2011-02-18
Good idea. I also found this project, https://sourceforge.net/projects/jptapi/, on SourceForge; maybe we can integrate this.
Mirko
Mirko
2011-02-18
There is also this one.
http://justwild.us/examples/password/
Mirko
Mirko
2011-02-21
I've tried http://justwild.us/examples/password/ and it works fine. It has a function that returns a boolean value, True if it is strong enough or False if it isn't, and gives back this information:
true
very strong - 79
12 points for length (15)
1 point for a lower case character
5 point for an upper case character
5 points for a number
2 points for at least two numbers
3 points for at least three numbers
5 points for a special character
5 points for at least two special characters
2 combo points for upper and lower letters
2 combo points for letters and numbers
2 combo points for letters, numbers and special chars
2 combo points for upper and lower case letters, numbers and special chars
I think we can use this.
Mirko
Mirko
2011-03-02
Mirko
2011-03-30
I found an interesting article (http://pthree.org/2011/03/07/strong-passwords-need-entropy/) about Password Entropy.
We can also add this information to the Password Strength indicator.
Extract from the article:
Any message contains some amount of entropy, and we can measure that entropy in binary bits. The formula for calculating this entropy is:
H = L * log_2(N)
H is the size of the message measured in binary bits. L is the length of the message; in our case, the length of your password. log_2() is the log function, base 2, and N is the number of possible symbols in the password (only lowercase letters provide 26 possible characters, uppercase provide an additional 26 possible characters, the digits provide 10 possible characters and punctuation provides 32 possible characters on a United States English keyboard). I rewrote the equation, so you could find it using your calculator:
H = L * log(N) / log(2)
Having this formula makes calculating the entropy of passwords straightforward. Here are some examples:
* password: 38 bits (8 * log_2(26))
* RedSox: 34 bits (6 * log_2(52))
* B1gbRother|$alw4ysriGHt!?: 164 bits (26 * log_2(94))
* deer2010: 41 bits (8 * log_2(36))
* l33th4x0r: 46 bits (9 * log_2(36))
* !Aaron08071999Keri|: 131 bits (28 * log_2(94))
* PassWord: 46 bits (8 * log_2(52))
* 4pRte!aii@3: 78 bits (12 * log_2(94))
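As an added example (not code from the quoted article or from this project), the formula H = L * log_2(N) in Python, with N derived from which of the four character classes the password uses. The `COMMON` denylist and the treatment of characters outside those classes are assumptions made for this sketch.

```python
import math
import string

# Symbol pools named in the quoted article: 26 + 26 + 10 + 32 = 94.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)

# Constructed sample denylist (assumption); a real one would be far larger.
COMMON = {"password", "123456", "qwerty", "letmein"}


def pool_size(password):
    """N: total size of every pool the password draws at least one symbol from."""
    n = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Assumption: characters outside the four pools (space, non-ASCII)
    # each add one symbol, since the article gives no pool size for them.
    extra = {c for c in password if not any(c in pool for pool in POOLS)}
    return n + len(extra)


def entropy_bits(password):
    """H = L * log_2(N). Empty input yields 0.0 instead of a log(0) error."""
    n = pool_size(password)
    return len(password) * math.log2(n) if n else 0.0


def assess(password):
    """Report H alongside a denylist hit.

    H is an upper bound: it assumes every character was chosen at random,
    so a dictionary word can score well and still be guessed first.
    """
    return {
        "pool": pool_size(password),
        "bits": round(entropy_bits(password), 1),
        "common": password.lower() in COMMON,
    }


if __name__ == "__main__":
    for pw in ("password", "RedSox", "deer2010", "PassWord", ""):
        print(repr(pw), assess(pw))
```

An indicator built on this should show the denylist result next to the bit count, because "PassWord" scores about 46 bits by the formula alone.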
Charles McCann
2012-12-31
Diff:
--- old +++ new @@ -1 +1 @@ -Add a Password Streight indicator, +Add a Password Strength indicator,
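Review bot: the new title line still ends with a trailing comma ("Add a Password Strength indicator,"). Since the title is already being edited for the spelling fix, drop the comma in the same change so the ticket title reads cleanly.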