Password strength meters are becoming more and more popular amongst web services. Google uses one when creating a Google account. One can argue how useful these meters really are, but non-the-less they are fairly cool for users. So how does one go about making one of these meters? Well it’s fairly straight forward.
The basic break down is we add an event handler on your password field that will check the password for every key input the user types. This allows for an updated meter as the user types the password. When you get into the algorithm that actually checks how secure a password is, there are many routes you can go. When researching for this project, I chose to base my code off of the kind folks over at Intelligent Web. There theory is to calculate how many different combinations there are for the password you enter, then determine how many days it would take to crack your password. The algorithm returns a percentage that we then in turn convert to a nice GUI for the end user to see. So let’s take a look at the code:
The JavaScript is fairly straight forward. There are settings at the top for different checks to enable or disable. Here is the JavaScript:
[ftf]
// Password strength meter v1.0
// Matthew R. Miller – 2007
// www.codeandcoffee.com
// Based off of code from http://www.intelligent-web.co.uk
// Settings
// — Toggle to true or false, if you want to change what is checked in the password
var bCheckNumbers = true;
var bCheckUpperCase = true;
var bCheckLowerCase = true;
var bCheckPunctuation = true;
var nPasswordLifetime = 365;
// Check password
function checkPassword(strPassword)
{
// Reset combination count
nCombinations = 0;
// Check numbers
if (bCheckNumbers)
{
strCheck = “0123456789″;
if (doesContain(strPassword, strCheck) > 0)
{
nCombinations += strCheck.length;
}
}
// Check upper case
if (bCheckUpperCase)
{
strCheck = “ABCDEFGHIJKLMNOPQRSTUVWXYZ”;
if (doesContain(strPassword, strCheck) > 0)
{
nCombinations += strCheck.length;
}
}
// Check lower case
if (bCheckLowerCase)
{
strCheck = “abcdefghijklmnopqrstuvwxyz”;
if (doesContain(strPassword, strCheck) > 0)
{
nCombinations += strCheck.length;
}
}
// Check punctuation
if (bCheckPunctuation)
{
strCheck = “;:-_=+\|//?^&!.@$£#*()%~<>{}[]“;
if (doesContain(strPassword, strCheck) > 0)
{
nCombinations += strCheck.length;
}
}
// Calculate
// — 500 tries per second => minutes
var nDays = ((Math.pow(nCombinations, strPassword.length) / 500) / 2) / 86400;
// Number of days out of password lifetime setting
var nPerc = nDays / nPasswordLifetime;
return nPerc;
}
// Runs password through check and then updates GUI
function runPassword(strPassword, strFieldID)
{
// Check password
nPerc = checkPassword(strPassword);
// Get controls
var ctlBar = document.getElementById(strFieldID + “_bar”);
var ctlText = document.getElementById(strFieldID + “_text”);
if (!ctlBar || !ctlText)
return;
// Set new width
var nRound = Math.round(nPerc * 100);
if (nRound < (strPassword.length * 5))
{
nRound += strPassword.length * 5;
}
if (nRound > 100)
nRound = 100;
ctlBar.style.width = nRound + “%”;
// Color and text
if (nRound > 95)
{
strText = “Very Secure”;
strColor = “#3bce08″;
}
else if (nRound > 75)
{
strText = “Secure”;
strColor = “orange”;
}
else if (nRound > 50)
{
strText = “Mediocre”;
strColor = “#ffd801″;
}
else
{
strColor = “red”;
strText = “Insecure”;
}
ctlBar.style.backgroundColor = strColor;
ctlText.innerHTML = “” + strText + ““;
}
// Checks a string for a list of characters
function doesContain(strPassword, strCheck)
{
nCount = 0;
for (i = 0; i < strPassword.length; i++)
{
if (strCheck.indexOf(strPassword.charAt(i)) > -1)
{
nCount++;
}
}
return nCount;
}
[/ftf]
On the HTML side, I have setup a simple form to display the interaction the user will receive.
[ftf]
[/ftf]
The magic lies inside the event handler I spoke about above. The “onkeyup” event passes the current password, and the ID for this input item. The ID is used to reference the below div tags that show the strength meter and text. The ID allows for you to have more than one password meter per form, per page.
[ftf]
[/ftf]The algorithm can be enhanced if you wish to get more complicated with the strength checking. One can also adjust the colors and text for the various strength levels displayed to the user.[ftf]
// Color and text
if (nRound > 95)
{
strText = “Very Secure”;
strColor = “#3bce08″;
}
else if (nRound > 75)
{
strText = “Secure”;
strColor = “orange”;
}
else if (nRound > 50)
{
strText = “Mediocre”;
strColor = “#ffd801″;
}
else
{
strColor = “red”;
strText = “Insecure”;
}
[/ftf]
Further features could be displaying when a user has not entered a valid password, for example not a long enough length.
Here is a demo of the above code, and download links so you can implement this into your sign up pages. Enjoy!
Right Click to Download:
[...] How to Make a Password Strength Meter Like Google – Code and Coffee Javascript sederhana untuk membuat ukuran kekuatan kata sandi. (tags: javascript) [...]
[...] Link: Code and Coffee [...]
[...] How to Make a Password Strength Meter Like Google – Code and CoffeeJavascript sederhana untuk membuat ukuran kekuatan kata sandi.(tags: javascript) [...]
it’s very helpfull i need it in my app
Thanx
poor script. attaching an arbitrary rating depending on the amount of numbers or letters is a bad way of determining password strength. as others have posted, under this system “password” is a very secure password. As is “11111111111″.
This script could be improved greatly by checking that the string does not include repeated characters and putting in an AJAX call that runs a cross-check against a dictionary to weed out real words.
But, as others have said, the script provides a base at least for others to build upon, so kudos for that.
Comments closed as there is a new version available at:
http://www.codeandcoffee.com/2007/07/16/how-to-make-a-password-strength-meter-like-google-v20/
[...] Instalarlo es muy sencillo. Tienes disponible el código fuente y ejemplos en Code and Cofee. [...]
[...] und signalisiert wie gut das eingetippte Passwort ist. Matthew R. Miller hat in seinem Blog ein kleines Script vorgestellt das genau dieses Verhalten nachahmt, natürlich ist das Script etwas [...]
[...] users. So how does one go about making one of these meters? Well it’s fairly straight forward.read more | digg [...]
[...] dover controllare che la password che l’utente si crea, sia sicura oltre che valida.Questo post, preso dal [...]
[...] Script [...]
[...] How to make a password strength meter like Google: interesante javascript con el que medir la calidad de las contraseñas. none [...]
[...] Password Strength Meters are becoming more and more popular amongst web services. Google uses one when creating a Google account. The password strength meters wil be updated for every key input the user types. So how does one go about making one of these meters? Code and Coffee created one for us, it calculates how many different combinations there are for the password you enter, then determine how many days it would take to crack your password. The algorithm returns a percentage that he then in turn convert to a nice GUI for the end user to see. Requirements: Modern Browser with Javascript Enabled Demo: http://www.codeandcoffee.com/wp-content/uploads/demo.html License: License Free [...]
[...] Code and Coffee has released the javascript file along with the demo.html page that you would need, to add one of these password meters to your site or service. There is also a detailed explanation as to how to the code works which can be read, by clicking here. [...]
[...] http://www.codeandcoffee.com/ [...]
[...] volete creare qualcosa di simile per il vostro sito, trovate in questo tutorial tutto quello che vi occorre, compreso codice Javascript da scaricare e usare [...]
Incest Young Gay Porn…
Sorry, it just sounds like a crazy idea for me
…
[...] How to Make a Password Strength Meter Like Google link [...]
[...] read more | digg story [...]
[...] How to Make a Password Strength Meter Like Google [...]
[...] read more | digg story [...]
[...] Password strength meter [...]
[...] Password strength meter [...]