How to Check for Password Strength

Question

Hii all!!

Well i want to know about how to check for the password entered by the user in a textbox??

When a user enters some characters in textbox, i want to show a label which will tell about the strength of password, that is it strong, weak , poor...

can any one suggest me some code..

I had googled for it.. & found a class file, but on building that class file an error is occuring..

Errors are:
1 Cannot implicitly convert type 'System.Text.RegularExpressions.Match' to 'bool'

2 Operator '&&' cannot be applied to operands of type 'System.Text.RegularExpressions.Match' and 'System.Text.RegularExpressions.Match'


the class file is here::---

  public class PasswordAdvisor

  {
  enum PasswordScore
  {
  Blank = 0,
  VeryWeak = 1,
  Weak = 2,
  Medium = 3,
  Strong = 4,
  VeryStrong = 5
  }
   
  public static PasswordScore CheckStrength(string password)
  {
  int score = 1;
   
  if (password.Length < 1)
  return PasswordScore.Blank;
  if (password.Length < 4)
  return PasswordScore.VeryWeak;
   
  if (password.Length >= 6)
  score++;
  if (password.Length >= 12)
  score++;
  if (Regex.Match(password, @"/\d+/", RegexOptions.ECMAScript))
  score++;
  if (Regex.Match(password, @"/[a-z]/", RegexOptions.ECMAScript) &&
  Regex.Match(password, @"/[A-Z]/", RegexOptions.ECMAScript))
  score++;
  if (Regex.Match(password, @"/.[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]/", RegexOptions.ECMAScript))
  score++;
   
  return (PasswordScore)score;
  }}

Answer 1

using System.Text;
using System.Text.RegularExpressions;

  public enum PasswordScore
  {
    Blank = 0,
    VeryWeak = 1,
    Weak = 2,
    Medium = 3,
    Strong = 4,
    VeryStrong = 5
  }

  public class PasswordAdvisor
  {
    public static PasswordScore CheckStrength(string password)
    {
      int score = 1;

      if (password.Length < 1)
        return PasswordScore.Blank;
      if (password.Length < 4)
        return PasswordScore.VeryWeak;

      if (password.Length >= 8)
        score++;
      if (password.Length >= 12)
        score++;
      if (Regex.Match(password, @"/\d+/", RegexOptions.ECMAScript).Success)
        score++;
      if (Regex.Match(password, @"/[a-z]/", RegexOptions.ECMAScript).Success &&
        Regex.Match(password, @"/[A-Z]/", RegexOptions.ECMAScript).Success)
        score++;
      if (Regex.Match(password, @"/.[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]/", RegexOptions.ECMAScript).Success)
        score++;

      return (PasswordScore)score;
    }
  }

---

Thanks, A.m.a.L [MVP Visual C#] Dot Net Goodies
Don't hate the hacker, hate the code

Answer 2

Based on a quick look. I think you should call IsMatch() instead of Match().

Your only interested if the string contains some characters and not in the matched characters.

 

Answer 3

Check this Password Strength Sample

http://www.codeproject.com/KB/miscctrl/PasswordStrengthControl.aspx

---

Please "Mark as Answer" if this post answered your question. :)

Kalpesh Chhatrala | Software Developer | Rajkot | India

Kalpesh 's Blog

VFP Form to C#, Vb.Net Conversion Utility

Answer 4

Hay Gr8 answer....

---

Thanks
Md. Marufuzzaman

---

Don't forget to click [Vote] / [Good Answer] on the post(s) that helped you.
I will not say I have failed 1000 times; I will say that I have discovered 1000 ways that can cause failure – Thomas Edison.

Answer 5

Check this out:

enum PasswordScore
    {
      Blank = 0,
      VeryWeak = 1,
      Weak = 2,
      Medium = 3,
      Strong = 4,
      VeryStrong = 5
    }

    private static PasswordScore CheckingPasswordStrength(string password)
    {
      int score = 1;
      if (password.Length < 1)
        return PasswordScore.Blank;
      if (password.Length < 4)
        return PasswordScore.VeryWeak;

      if (password.Length >= 8)
        score++;
      if (password.Length >= 12)
        score++;
      if (Regex.IsMatch(password, @"[0-9]+(\.[0-9][0-9]?)?", RegexOptions.ECMAScript))   //number only //"^\d+$" if you need to match more than one digit.
        score++;
      if (Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z]).+$", RegexOptions.ECMAScript)) //both, lower and upper case
        score++;
      if (Regex.IsMatch(password, @"[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]", RegexOptions.ECMAScript)) //^[A-Z]+$
        score++;
      return (PasswordScore)score;
    }

---

Mitja

Answer 6

@Mitja, no need to use ECMAScript for the expressions, ECMAScript is usually slower than a regularly typed expression.

It would make sure the expressions can be interchanged between Javascript and .NET.

Answer 7

using Mitja and Jesse suggestions:

I implemented the following in mine application:

public enum PasswordScore
{
   Blank = 0,
   VeryWeak = 1,
   Weak = 2,
   Medium = 3,
   Strong = 4,
   VeryStrong = 5
}
public static PasswordScore CheckStrength(string password)
{
   int score = 1;
   if (password.Length < 1)
      return PasswordScore.Blank;
   if (password.Length < 4)
      return PasswordScore.VeryWeak;
   if (password.Length >= 8) score++;
   if (password.Length >= 12) score++;
   if (Regex.IsMatch(password, @"[0-9]+(\.[0-9][0-9]?)?"))   //number only //"^\d+$" if you need to match more than one digit.
      score++;
   if (Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z]).+$")) //both, lower and upper case
      score++;
   if (Regex.IsMatch(password, @"[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]")) //^[A-Z]+$
      score++;
   return (PasswordScore)score;
}

I hope someone will find it useful as in mine application