The Password strength procedure is working as the follow:
We have many cases to care about to know a password strength , so we will present a global variable score , and each case will add some points to score.
At the end of the algorithm we will decide the password strength according to the score value.
The cases we have are :
- If the password matches the username then BadPassword
- If the password is less than 4 characters then TooShortPassword
- Score += password length * 4
- Score -= repeated characters in the password ( 1 char repetition )
- Score -= repeated characters in the password ( 2 char repetition )
- Score -= repeated characters in the password ( 3 char repetition )
- Score -= repeated characters in the password ( 4 char repetition )
- If the password has 3 numbers then score += 5
- If the password has 2 special characters then score += 5
- If the password has upper and lower character then score += 10
- If the password has numbers and characters then score += 15
- If the password has numbers and special characters then score += 15
- If the password has special characters and characters then score += 15
- If the password is only characters then score -= 10
- If the password is only numbers then score -= 10
- If score > 100 then score = 100
Now according to score we are going to decide the password strength
- If 0 < score < 34 then BadPassword
- If 34 < score < 68 then GoodPassword
- If 68 < score < 100 then StrongPassword