BlackWaspTM

This web site uses cookies. By using the site you accept the cookie policy.This message is for compliance with the UK ICO law.

Security
.NET 1.1+

Checking Password Strength

Many computer systems require that a password is provided before permitting access to sensitive data. As some passwords are easy to crack using brute force techniques, it is common to give the user feedback to show the strength of their selected password.

Example Password Scores

We can demonstrate the use of the class by generating some password scores and strengths for some strings. The code below generates scores for five passwords. The scores are shown in the comments.

PasswordStrengthChecker checker = new PasswordStrengthChecker();
int score;

score = checker.GeneratePasswordScore("pwd");           // 28
score = checker.GeneratePasswordScore("password");      // 58
score = checker.GeneratePasswordScore("P45Sword");      // 78
score = checker.GeneratePasswordScore("P45Sword!");     // 89
score = checker.GeneratePasswordScore("ASriws34#!");    // 100

We can use the same passwords with the GetPasswordStrength method to see the ranges that the passwords fall within. This is shown below:

PasswordStrength strength;

strength = checker.GetPasswordStrength("pwd");          // Unacceptable
strength = checker.GetPasswordStrength("password");     // Weak
strength = checker.GetPasswordStrength("P45Sword");     // Ok
strength = checker.GetPasswordStrength("P45Sword!");    // Strong
strength = checker.GetPasswordStrength("ASriws34#!");   // Secure

A Final Note on Passwords

The use of strong passwords should be promoted for software that holds personal or sensitive information. However, a strong password should not be the only protection. You should always use other techniques such as detecting possible attempts to compromise a password and locking the account that is under attack. You should also ensure that passwords are always encrypted; they should never be held in plain text.

19 September 2011