none
How to Check for Password Strength

    Question

  • Hii all!!

    Well i want to know about how to check for the password entered by the user in a textbox??

    When a user enters some characters in textbox, i want to show a label which will tell about the strength of password, that is it strong, weak , poor...

    can any one suggest me some code..


    I had googled for it.. & found a class file, but on building that class file an error is occuring..

    Errors are:
    1 Cannot implicitly convert type 'System.Text.RegularExpressions.Match' to 'bool'

    2 Operator '&&' cannot be applied to operands of type 'System.Text.RegularExpressions.Match' and 'System.Text.RegularExpressions.Match'


    the class file is here::---
      public class PasswordAdvisor
    
      {
      enum PasswordScore
      {
      Blank = 0,
      VeryWeak = 1,
      Weak = 2,
      Medium = 3,
      Strong = 4,
      VeryStrong = 5
      }
       
      public static PasswordScore CheckStrength(string password)
      {
      int score = 1;
       
      if (password.Length < 1)
      return PasswordScore.Blank;
      if (password.Length < 4)
      return PasswordScore.VeryWeak;
       
      if (password.Length >= 6)
      score++;
      if (password.Length >= 12)
      score++;
      if (Regex.Match(password, @"/\d+/", RegexOptions.ECMAScript))
      score++;
      if (Regex.Match(password, @"/[a-z]/", RegexOptions.ECMAScript) &&
      Regex.Match(password, @"/[A-Z]/", RegexOptions.ECMAScript))
      score++;
      if (Regex.Match(password, @"/.[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]/", RegexOptions.ECMAScript))
      score++;
       
      return (PasswordScore)score;
      }}
    
    
    
    Wednesday, May 04, 2011 10:57 AM

Answers

  • Check this out:

    enum PasswordScore
        {
          Blank = 0,
          VeryWeak = 1,
          Weak = 2,
          Medium = 3,
          Strong = 4,
          VeryStrong = 5
        }
    
        private static PasswordScore CheckingPasswordStrength(string password)
        {
          int score = 1;
          if (password.Length < 1)
            return PasswordScore.Blank;
          if (password.Length < 4)
            return PasswordScore.VeryWeak;
    
          if (password.Length >= 8)
            score++;
          if (password.Length >= 12)
            score++;
          if (Regex.IsMatch(password, @"[0-9]+(\.[0-9][0-9]?)?", RegexOptions.ECMAScript))   //number only //"^\d+$" if you need to match more than one digit.
            score++;
          if (Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z]).+$", RegexOptions.ECMAScript)) //both, lower and upper case
            score++;
          if (Regex.IsMatch(password, @"[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]", RegexOptions.ECMAScript)) //^[A-Z]+$
            score++;
          return (PasswordScore)score;
        }
    


    Mitja
    • Marked as answer by anish99virgo Tuesday, May 10, 2011 8:05 AM
    Wednesday, May 04, 2011 3:53 PM
  • using System.Text;
    using System.Text.RegularExpressions;
    
      public enum PasswordScore
      {
        Blank = 0,
        VeryWeak = 1,
        Weak = 2,
        Medium = 3,
        Strong = 4,
        VeryStrong = 5
      }
    
      public class PasswordAdvisor
      {
        public static PasswordScore CheckStrength(string password)
        {
          int score = 1;
    
          if (password.Length < 1)
            return PasswordScore.Blank;
          if (password.Length < 4)
            return PasswordScore.VeryWeak;
    
          if (password.Length >= 8)
            score++;
          if (password.Length >= 12)
            score++;
          if (Regex.Match(password, @"/\d+/", RegexOptions.ECMAScript).Success)
            score++;
          if (Regex.Match(password, @"/[a-z]/", RegexOptions.ECMAScript).Success &&
            Regex.Match(password, @"/[A-Z]/", RegexOptions.ECMAScript).Success)
            score++;
          if (Regex.Match(password, @"/.[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]/", RegexOptions.ECMAScript).Success)
            score++;
    
          return (PasswordScore)score;
        }
      }
    
    

    Thanks,
    A.m.a.L
    [MVP Visual C#]
    Dot Net Goodies
    Don't hate the hacker, hate the code
    • Marked as answer by anish99virgo Tuesday, May 10, 2011 8:06 AM
    Wednesday, May 04, 2011 11:12 AM

All replies

  • using System.Text;
    using System.Text.RegularExpressions;
    
      public enum PasswordScore
      {
        Blank = 0,
        VeryWeak = 1,
        Weak = 2,
        Medium = 3,
        Strong = 4,
        VeryStrong = 5
      }
    
      public class PasswordAdvisor
      {
        public static PasswordScore CheckStrength(string password)
        {
          int score = 1;
    
          if (password.Length < 1)
            return PasswordScore.Blank;
          if (password.Length < 4)
            return PasswordScore.VeryWeak;
    
          if (password.Length >= 8)
            score++;
          if (password.Length >= 12)
            score++;
          if (Regex.Match(password, @"/\d+/", RegexOptions.ECMAScript).Success)
            score++;
          if (Regex.Match(password, @"/[a-z]/", RegexOptions.ECMAScript).Success &&
            Regex.Match(password, @"/[A-Z]/", RegexOptions.ECMAScript).Success)
            score++;
          if (Regex.Match(password, @"/.[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]/", RegexOptions.ECMAScript).Success)
            score++;
    
          return (PasswordScore)score;
        }
      }
    
    

    Thanks,
    A.m.a.L
    [MVP Visual C#]
    Dot Net Goodies
    Don't hate the hacker, hate the code
    • Marked as answer by anish99virgo Tuesday, May 10, 2011 8:06 AM
    Wednesday, May 04, 2011 11:12 AM
  • Based on a quick look. I think you should call IsMatch() instead of Match().

    Your only interested if the string contains some characters and not in the matched characters.

     

    • Proposed as answer by Jesse Houwing Wednesday, May 04, 2011 5:45 PM
    Wednesday, May 04, 2011 11:13 AM
  • Check this Password Strength Sample

    http://www.codeproject.com/KB/miscctrl/PasswordStrengthControl.aspx


    Please "Mark as Answer" if this post answered your question. :)

    Kalpesh Chhatrala | Software Developer | Rajkot | India

    Kalpesh 's Blog

    VFP Form to C#, Vb.Net Conversion Utility
    Wednesday, May 04, 2011 11:46 AM
  • Hay Gr8 answer....
    Thanks
    Md. Marufuzzaman
    Don't forget to click [Vote] / [Good Answer] on the post(s) that helped you.
    I will not say I have failed 1000 times; I will say that I have discovered 1000 ways that can cause failure – Thomas Edison.
    Wednesday, May 04, 2011 3:07 PM
  • Check this out:

    enum PasswordScore
        {
          Blank = 0,
          VeryWeak = 1,
          Weak = 2,
          Medium = 3,
          Strong = 4,
          VeryStrong = 5
        }
    
        private static PasswordScore CheckingPasswordStrength(string password)
        {
          int score = 1;
          if (password.Length < 1)
            return PasswordScore.Blank;
          if (password.Length < 4)
            return PasswordScore.VeryWeak;
    
          if (password.Length >= 8)
            score++;
          if (password.Length >= 12)
            score++;
          if (Regex.IsMatch(password, @"[0-9]+(\.[0-9][0-9]?)?", RegexOptions.ECMAScript))   //number only //"^\d+$" if you need to match more than one digit.
            score++;
          if (Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z]).+$", RegexOptions.ECMAScript)) //both, lower and upper case
            score++;
          if (Regex.IsMatch(password, @"[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]", RegexOptions.ECMAScript)) //^[A-Z]+$
            score++;
          return (PasswordScore)score;
        }
    


    Mitja
    • Marked as answer by anish99virgo Tuesday, May 10, 2011 8:05 AM
    Wednesday, May 04, 2011 3:53 PM
  • @Mitja, no need to use ECMAScript for the expressions, ECMAScript is usually slower than a regularly typed expression.

    It would make sure the expressions can be interchanged between Javascript and .NET.

    Wednesday, May 04, 2011 5:47 PM
  • using Mitja and Jesse suggestions:

    I implemented the following in mine application:

    public enum PasswordScore
    {
       Blank = 0,
       VeryWeak = 1,
       Weak = 2,
       Medium = 3,
       Strong = 4,
       VeryStrong = 5
    }
    public static PasswordScore CheckStrength(string password)
    {
       int score = 1;
       if (password.Length < 1)
          return PasswordScore.Blank;
       if (password.Length < 4)
          return PasswordScore.VeryWeak;
       if (password.Length >= 8) score++;
       if (password.Length >= 12) score++;
       if (Regex.IsMatch(password, @"[0-9]+(\.[0-9][0-9]?)?"))   //number only //"^\d+$" if you need to match more than one digit.
          score++;
       if (Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z]).+$")) //both, lower and upper case
          score++;
       if (Regex.IsMatch(password, @"[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]")) //^[A-Z]+$
          score++;
       return (PasswordScore)score;
    }

    I hope someone will find it useful as in mine application


    • Edited by fs - ab Saturday, August 11, 2012 5:34 AM
    Saturday, August 11, 2012 3:54 AM