I’ve ported the jQuery Password Strength Meter from JavaScript to PHP.
The source code is avaliable with a few personal tweaks:
- The username is now optional, and if it’s found on the password it will be removed from the password, affecting its overall complexity.
- The method for counting repeated characters is faster, and makes more sense (in my opinion).
- A few more special characters (or symbols) are now recognized.
- The password strength is now returned on a scale of 0 to 100, instead of returning a string.
What do you think about this algorithm?
You can find another implementation of a password strength algorithm (as well as other interesting security related stuff) at http://rumkin.com/tools/password/passchk.php
Hi Alix,
This will be of use for us to check the strength of passwords we are generating at http://www.passpub.com
Thanks
Martin
Hi Martin, thanks for letting me know of your website. I took a look at it and the “Keyboard Combinations” passwords seem quite interesting although the characters seem to be always picked from left to right, which lowers the overall security - maybe you should consider adding more entropy regarding that subject…
I’ll be posting a algorithm for generating another type of memorable (and sometimes funny) passwords later in the night, check it out.
Hi Martin,
Cool site, a favicon would be nice
think about it.
Alix, interesting port
keep up the good work.
Thats pretty nice script…Thank you
I found another two password strength checkers and their algorithms based on words dictionary. Try one at http://www.microsoft.com/protect/yourself/password/checker.mspx and one at http://www.itsimpl.com. Please, try it, and write your thoughts. Good Luck! Jetman
Hi, very nice posts
I build a password strength validator for symfony-project (http://symfony-project.com) based on your source.
http://www.symfony-project.com/snippets/snippet/235
Good work! Lucas
Hi Lucas, thanks for the feedback and for using my code!
Cheers, Alix
I think a good modification on this would be to also consider blacklisted words:
http://www.phpclasses.org/browse/package/2966.html
There’s a couple of text files worth there. The jquery one couldn’t do this because it was javascript, but working in PHP we can.
I just don’t know how we’d modify the score for finding blacklisted/dictionary words.
That is a good suggestion, blacklisted keywords could act the same way as the username parameter does.