 

Checking strings for a strong enough password [duplicate]


Possible Duplicate:
Strong password regex
Need RegEx for password strength?

I was just wondering what the best way to search a string for certain criteria (password strength, to be specific) would be.

So far I have a simple:

    if(password.Length <= 7)
    {
        errorMessage = "Your password must be at least 8 characters.";
    }

I would like to be able to check for capital letters, but I am not sure what the method or procedure is. I have tried Googling, searching the website: http://msdn.microsoft.com, and searching the index of my C# book (C# Programming 3E, by Barbara Doyle), but I can't seem to find any.

I know I could try this...:

    foreach(char c in password)
    {
        if(c!='A' || c!='B' || c!='C' || c!='D' ..... || c!='Z')
        {
            errorMessage = "Your password must contain at least one capital letter";
        }
    }

...But that would be extremely sloppy, and would have to be doubled to check for at least one lowercase letter. I am sure there is a better way to do this, or at least shorthand for the method I have shown above.

Also, I may decide to check the password for special characters (seems easier to do in the example above than with upper and lower case letters, so I may just use that for special characters, should I decide to make them necessary). If there is an easy (or proper) way to do that, I would love to have that knowledge, as well.

Anyway, thank you so much for any help anyone can give.

VoidKing asked Oct 15 '12 16:10



1 Answer

I can't take the credit, as I stole this from here

    using System.Text;
    using System.Text.RegularExpressions;

    public enum PasswordScore
    {
        Blank = 0,
        VeryWeak = 1,
        Weak = 2,
        Medium = 3,
        Strong = 4,
        VeryStrong = 5
    }

    public class PasswordAdvisor
    {
        public static PasswordScore CheckStrength(string password)
        {
            int score = 0;

            if (password.Length < 1)
                return PasswordScore.Blank;
            if (password.Length < 4)
                return PasswordScore.VeryWeak;

            // One point each for reaching 8 and 12 characters
            if (password.Length >= 8)
                score++;
            if (password.Length >= 12)
                score++;
            // At least one digit
            if (Regex.Match(password, @"\d+", RegexOptions.ECMAScript).Success)
                score++;
            // Both a lower-case and an upper-case letter
            if (Regex.Match(password, @"[a-z]", RegexOptions.ECMAScript).Success &&
                Regex.Match(password, @"[A-Z]", RegexOptions.ECMAScript).Success)
                score++;
            // At least one special character
            if (Regex.Match(password, @"[!@#$%^&*?_~\-£()]", RegexOptions.ECMAScript).Success)
                score++;

            return (PasswordScore)score;
        }
    }

Note the use of regex for checking for upper case characters. This appears to be a decent approach, as it checks length, use of upper and lower case characters, numeric digits and special characters.

** Update **

I know the question is now closed, but I can add more explanation for VoidKing to understand some of the concepts.

A PasswordScore is returned from the CheckStrength method, which can be used as the condition for what to do next in your code.

Here's an untested demo of how the above code could be used:

    String password = "MyDummy_Password"; // Substitute with the user input string
    PasswordScore passwordStrengthScore = PasswordAdvisor.CheckStrength(password);

    switch (passwordStrengthScore)
    {
        case PasswordScore.Blank:
        case PasswordScore.VeryWeak:
        case PasswordScore.Weak:
            // Show an error message to the user
            break;
        case PasswordScore.Medium:
        case PasswordScore.Strong:
        case PasswordScore.VeryStrong:
            // Password deemed strong enough, allow user to be added to database etc
            break;
    }

Enums are used in this case as a means of classifying the strength of the password into human-readable groups. This keeps the code clean and makes it obvious what is going on in the code.

Regarding the use of regexes, if you're unfamiliar with the concept of them and how and when to use them, I suggest doing some research, as these can be useful in many different scenarios for checking for patterns in strings. Perhaps start here.

Steve Kennaird answered Sep 28 '22 09:09
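
A non-regex way to run the checks the question asks about, as an added example that is not part of the original question or answer: the class name PasswordRules, the Validate helper, the rule set and the sample passwords are assumptions made for illustration. It uses the built-in char.IsUpper, char.IsLower and char.IsDigit methods in a single pass and returns one message per unmet rule; unlike [A-Z], these methods also recognise non-ASCII letters such as É.

```csharp
using System;
using System.Collections.Generic;

public static class PasswordRules
{
    // Hypothetical helper (not from the post): returns one message per unmet rule.
    public static List<string> Validate(string password, int minLength = 8)
    {
        var errors = new List<string>();
        password = password ?? string.Empty;   // treat null as empty input

        bool hasUpper = false, hasLower = false, hasDigit = false, hasSpecial = false;

        // Single pass over the string; the char.Is* methods are Unicode-aware.
        foreach (char c in password)
        {
            if (char.IsUpper(c)) hasUpper = true;
            else if (char.IsLower(c)) hasLower = true;
            else if (char.IsDigit(c)) hasDigit = true;
            else if (char.IsPunctuation(c) || char.IsSymbol(c)) hasSpecial = true;
        }

        if (password.Length < minLength)
            errors.Add("Your password must be at least " + minLength + " characters.");
        if (!hasUpper)
            errors.Add("Your password must contain at least one capital letter.");
        if (!hasLower)
            errors.Add("Your password must contain at least one lowercase letter.");
        if (!hasDigit)
            errors.Add("Your password must contain at least one digit.");
        if (!hasSpecial)
            errors.Add("Your password must contain at least one special character.");

        return errors;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples = { "short", "alllowercase1!", "MyDummy_Password", "Émile_2012" };
        foreach (string candidate in samples)
        {
            List<string> errors = Validate(candidate);
            string result = errors.Count == 0 ? "OK" : string.Join(" ", errors);
            Console.WriteLine(candidate + ": " + result);
        }
    }
}
```

Collecting every unmet rule in a list, instead of overwriting a single errorMessage, lets the caller show the user all problems at once.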