Passwords are the frontline of security for digital systems, yet many users still rely on weak passwords. To help promote better password practices, we’ll build a simple but effective password strength checker in Python. This blog will guide you through understanding password strength, evaluating entropy, and implementing a script that can provide feedback on the quality of a password. Let’s dive in!
What is Password Strength?
Password strength measures how resistant a password is to guessing or brute-force attacks. A strong password has:
Sufficient length (12+ characters is recommended).
A mix of character types (uppercase, lowercase, numbers, and symbols).
No common patterns (e.g., “123456” or “password”).
No personal information (e.g., names, birthdates).
Password strength can be assessed using entropy, which calculates the unpredictability of the password.
Entropy Formula:
$$H = L \cdot \log_2(N)$$
Where:
H: Entropy (in bits).
L: Password length.
N: Number of possible characters (e.g., 26 for lowercase letters, 62 for letters + numbers).
Higher entropy = stronger password.
Step-by-Step Guide to Building a Password Strength Checker
1. Setting Up Your Environment
Ensure you have Python installed. You can use any text editor or IDE, such as VSCode or PyCharm.
2. Install Required Libraries
For this project, we’ll use only Python’s standard library, so no additional installations are needed.
3. Code Walkthrough
Below is the complete Python script for the password strength checker. It evaluates password strength based on length, character variety, and entropy.
import math
import string
# Define character sets
LOWERCASE = string.ascii_lowercase
UPPERCASE = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation
# Function to calculate entropy
def calculate_entropy(password):
character_pool = 0
# Check which character sets are in the password
if any(char in LOWERCASE for char in password):
character_pool += len(LOWERCASE)
if any(char in UPPERCASE for char in password):
character_pool += len(UPPERCASE)
if any(char in DIGITS for char in password):
character_pool += len(DIGITS)
if any(char in SYMBOLS for char in password):
character_pool += len(SYMBOLS)
# Calculate entropy
if character_pool == 0:
return 0 # No valid characters
entropy = len(password) * math.log2(character_pool)
return round(entropy, 2)
# Function to evaluate password strength
def evaluate_password(password):
if len(password) < 8:
return "Weak: Password should be at least 8 characters long."
entropy = calculate_entropy(password)
if entropy < 28:
return "Weak: Password is too predictable. Increase length and character variety."
elif 28 <= entropy < 36:
return "Moderate: Consider adding more unique characters."
else:
return "Strong: Your password is robust!"
# Main script
def main():
print("Welcome to the Password Strength Checker!")
while True:
password = input("Enter a password to evaluate (or 'exit' to quit): ")
if password.lower() == 'exit':
print("Goodbye!")
break
feedback = evaluate_password(password)
print(f"Password Strength: {feedback}\n")
if __name__ == "__main__":
main()
Breaking Down the Code
Character Sets
We use string.ascii_lowercase
, string.ascii_uppercase
, string.digits
, and string.punctuation
to identify different character types. This allows us to calculate the character pool size dynamically based on the password content.
Entropy Calculation
Entropy is calculated using the formula provided earlier. The math.log2
function computes the logarithm base 2 of the character pool size.
Password Evaluation
The script categorizes passwords into three strength levels:
Weak: Entropy < 28 bits.
Moderate: Entropy between 28 and 36 bits.
Strong: Entropy ≥ 36 bits.
Interactive Input
The main()
function allows users to test multiple passwords in an interactive session.
Sample Run
Here’s an example session:
Welcome to the Password Strength Checker!
Enter a password to evaluate (or 'exit' to quit): password123
Password Strength: Weak: Password is too predictable. Increase length and character variety.
Enter a password to evaluate (or 'exit' to quit): P@ssw0rd2024
Password Strength: Moderate: Consider adding more unique characters.
Enter a password to evaluate (or 'exit' to quit): G$h8Z!4xTn@
Password Strength: Strong: Your password is robust!
Enter a password to evaluate (or 'exit' to quit): exit
Goodbye!
Takeaways and Next Steps
Why Entropy Matters: Higher entropy means a password is harder to guess or brute force.
Balancing Usability and Security: While strong passwords are essential, they should also be memorable. Consider using passphrases (e.g., “HorseBatteryStaple!”).
Extend the Script: Add features like a password generator or database checks for leaked passwords (e.g., using the Have I Been Pwned API).
Conclusion
This password strength checker demonstrates how easy it is to implement a practical cybersecurity tool in Python. By understanding the principles behind password strength, you can educate users and help secure digital systems. Feel free to customize the script to suit your needs and share your improvements in the comments!
Happy coding!