Reply to comment

Password Quality Evaluators Rendered Almost Useless

[This is obsolete. Short passwords are basically obsolete, and the main protection against hacking will be password managers like LastPass and 1Password. These kinds of "quality" widgets can provide a false sense of security.]


This is an up-and-coming feature on some sites. It measures the quality of a password, and gives the user immediate feedback about how good it is.

The JavaScript below does that. It calculates the score by grouping the keyboard into uppercase, lowercase, punctuation, and numbers. You get points for length, for diversity in using keys from different groups, for switching groups often, and extra for using punctuation.

The HTML part was intended for creating an .htaccess password.

Here's a demo:

Password
Quality:

The code:

<script type="text/javascript">
function checkQuality(field)
{
    var output = document.getElementById('quality');
    var pass = field.value;
    var score = 0;
    var punctuations = '!@#$%^&*()~`_-+={}[];:"<>,./?\\\''.split('');
    var uppercases = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.split('');
    var lowercases = 'abcdefghijklmnopqrstuvwxyz'.split('');
    var hasPunctuation = false;
    var hasUppercase = false;
    var hasLowercase = false;
    var hasNumber = false;
    var membership = [];
    for (c in punctuations)
    {
        if (pass.indexOf(punctuations[c]) != -1) 
        {
            score++;
            hasPunctuation = true;
            membership[pass.indexOf(punctuations[c])] = 'P';
        }
    }
    for (c in uppercases)
    {
        if (pass.indexOf(uppercases[c]) != -1) 
        {
            score += .5;
            hasUppercase = true;
            membership[pass.indexOf(uppercases[c])] = 'U';
        }
    }
    for (c in lowercases)
    {
        if (pass.indexOf(lowercases[c]) != -1)
        {
            score += .5;
            hasLowercase = true;
            membership[pass.indexOf(lowercases[c])] = 'L';
        }
    }
    for (c=0;c<=9;c++)
    {
        if (pass.indexOf(c) != -1)
        {
            score += .5;
            hasNumber = true;
            membership[pass.indexOf(c)] = 'N';
        }
    }
    // calculate the "noisyness" of the password
    // each transition from one group of symbols to the next adds .25 to the score
    // NoI$yNeSs of that string is 4.25
    // noisyness of that string is .25
    var lastType = '';
    for (i in membership)
    {
        if (lastType != membership[i]) 
        {
            score += .25;
            lastType = membership[i];
        }
    }
    if (hasPunctuation) score++;
    if (hasNumber) score++;
    if (hasUppercase) score++;
    if (hasLowercase) score++;

    if (score < 9) q = 'excellent';
    if (score < 8) q = 'very good';
    if (score < 7) q = 'good';
    if (score < 6) q = 'fair';
    if (score < 5) q = 'poor';
    if (score < 4) q = 'useless';
    output.innerHTML = q + ' (' + score + ')';
}
</script>

Reply

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.

More information about formatting options

11 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.