Password Quality Evaluator
Submitted by johnk on Thu, 12/07/2006 - 03:05.
This is an up-and-coming feature on some sites. It measures the quality of a password, and gives the user immediate feedback about how good it is.
The JavaScript below does that. It calculates the score by grouping the keyboard into uppercase, lowercase, punctuation, and numbers. You get points for length, for diversity in using keys from different groups, for switching groups often, and extra for using punctuation.
The HTML part was intended for creating an .htaccess password.
Here's a demo:
|
Password Quality: |
<form style="margin: 0px; padding: 0px;"
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top">
Security Domain <input name="secdom" value="application" size="10"/>
</td>
<td valign="top">
Username <input name="username" value="" size="8" />
</td>
<td valign="top">
Password <input id="password" type="password" name="password" size="8" onKeyUp="checkQuality(this)"/><br />
<small>Quality: <span id="quality"></span></small>
</td>
<td valign="top">
<input type="submit" value="create">
</td>
</tr>
</table>
</form>
<script type="text/javascript">
function checkQuality(field)
{
var output = document.getElementById('quality');
var pass = field.value;
var score = 0;
var punctuations = '!@#$%^&*()~`_-+={}[];:"<>,./?\\\''.split('');
var uppercases = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.split('');
var lowercases = 'abcdefghijklmnopqrstuvwxyz'.split('');
var hasPunctuation = false;
var hasUppercase = false;
var hasLowercase = false;
var hasNumber = false;
var membership = [];
for (c in punctuations)
{
if (pass.indexOf(punctuations[c]) != -1)
{
score++;
hasPunctuation = true;
membership[pass.indexOf(punctuations[c])] = 'P';
}
}
for (c in uppercases)
{
if (pass.indexOf(uppercases[c]) != -1)
{
score += .5;
hasUppercase = true;
membership[pass.indexOf(uppercases[c])] = 'U';
}
}
for (c in lowercases)
{
if (pass.indexOf(lowercases[c]) != -1)
{
score += .5;
hasLowercase = true;
membership[pass.indexOf(lowercases[c])] = 'L';
}
}
for (c=0;c<=9;c++)
{
if (pass.indexOf(c) != -1)
{
score += .5;
hasNumber = true;
membership[pass.indexOf(c)] = 'N';
}
}
// calculate the "noisyness" of the password
// each transition from one group of symbols to the next adds .25 to the score
// NoI$yNeSs of that string is 4.25
// noisyness of that string is .25
var lastType = '';
for (i in membership)
{
if (lastType != membership[i])
{
score += .25;
lastType = membership[i];
}
}
if (hasPunctuation) score++;
if (hasNumber) score++;
if (hasUppercase) score++;
if (hasLowercase) score++;
if (score < 9) q = 'excellent';
if (score < 8) q = 'very good';
if (score < 7) q = 'good';
if (score < 6) q = 'fair';
if (score < 5) q = 'poor';
if (score < 4) q = 'useless';
output.innerHTML = q + ' (' + score + ')';
}
</script>