• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

looking for password check class

 
Ranch Hand
Posts: 755
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there,

Wonder if anyone knows any class that checks the strength of a password and can advise the user if the password is strong enough.

example: when you register with google, the password you input is 'criticized' by google whether it is strong enough or not...so the user can tell if he picked a good password.

thanks for any pointers.
 
Ranch Hand
Posts: 63
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am not aware of any class or method that will help check the strength of a password, but it certainly wouldn't be difficult to write a method of your own to do such a thing. First think of what you're checking for in the password. Maybe it has to be a certain length and have a certain number of a certain type of character in it. For the sake of argument, say it has to have at least one number in it and is a minimum of 10 characters long. I whipped up some code (not very efficient, but it gets the concepts of what you're looking for across). Here it is:



Hope that was helpful! If you have any questions, post away.

[edited to clean up very long lines]
[ December 31, 2008: Message edited by: fred rosenberger ]
 
Peter Primrose
Ranch Hand
Posts: 755
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thank you Jacob; I know there's a passChecker that actually check against a 'dictionary' and wonder if anyone knew that.

code: washington2009 is considered a weak password.

but yYu)32#Ff is a good one.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If I wanted to write a password checker I would make use of an existing Java spell checker such as Jazzy to eliminate "real" words right off.

Bill
 
Bartender
Posts: 1952
7
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Jacob Steingart:
I am not aware of any class or method that will help check the strength of a password, but it certainly wouldn't be difficult to write a method of your own to do such a thing.



I certainly wouldn't call proactive password checking simple.

Beside the obvious checks on length and basic character composition (simple pattern matching) it should check against passwords that are known to be easily guessable. That list should include things like dictionary words, common names (people/places), acronyms, well-known phrases, keyboard patterns etc. A pretty extensive list of possibilities in and of itself, but alot of obivous permutations are still left uncovered. Like plural form, words in reverse, words that have individual letters substituted by numbers, concatentation of individual words etc. To add even more to the complexity, alot of items I mentioned are locale sensitive.

Of course there are still more things to consider, like context awareness. For instance, a given password might be strong enough in and of itself, but not if it happens to be the reverse form of that user's previous password, or strongly resembles previously used password. A password that is identical to, or strongly resembles, the username might qualify as a strong password in it's own right, but it's a lowsy choice for that particular user.

I'd say it'd be pretty darn hard to develop a good universal password checker
 
reply
    Bookmark Topic Watch Topic
  • New Topic