Implementing a Password Strength Checker in Python

·

4 min read

Passwords are the frontline of security for digital systems, yet many users still rely on weak passwords. To help promote better password practices, we’ll build a simple but effective password strength checker in Python. This blog will guide you through understanding password strength, evaluating entropy, and implementing a script that can provide feedback on the quality of a password. Let’s dive in!

What is Password Strength?

Password strength measures how resistant a password is to guessing or brute-force attacks. A strong password has:

  • Sufficient length (12+ characters is recommended).

  • A mix of character types (uppercase, lowercase, numbers, and symbols).

  • No common patterns (e.g., “123456” or “password”).

  • No personal information (e.g., names, birthdates).

Password strength can be assessed using entropy, which calculates the unpredictability of the password.

Entropy Formula:

$$H = L \cdot \log_2(N)$$

Where:

  • H: Entropy (in bits).

  • L: Password length.

  • N: Number of possible characters (e.g., 26 for lowercase letters, 62 for letters + numbers).

Higher entropy = stronger password.


Step-by-Step Guide to Building a Password Strength Checker

1. Setting Up Your Environment

Ensure you have Python installed. You can use any text editor or IDE, such as VSCode or PyCharm.

2. Install Required Libraries

For this project, we’ll use only Python’s standard library, so no additional installations are needed.

3. Code Walkthrough

Below is the complete Python script for the password strength checker. It evaluates password strength based on length, character variety, and entropy.

import math
import string

# Define character sets
LOWERCASE = string.ascii_lowercase
UPPERCASE = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation

# Function to calculate entropy
def calculate_entropy(password):
    character_pool = 0

    # Check which character sets are in the password
    if any(char in LOWERCASE for char in password):
        character_pool += len(LOWERCASE)
    if any(char in UPPERCASE for char in password):
        character_pool += len(UPPERCASE)
    if any(char in DIGITS for char in password):
        character_pool += len(DIGITS)
    if any(char in SYMBOLS for char in password):
        character_pool += len(SYMBOLS)

    # Calculate entropy
    if character_pool == 0:
        return 0  # No valid characters

    entropy = len(password) * math.log2(character_pool)
    return round(entropy, 2)

# Function to evaluate password strength
def evaluate_password(password):
    if len(password) < 8:
        return "Weak: Password should be at least 8 characters long."

    entropy = calculate_entropy(password)

    if entropy < 28:
        return "Weak: Password is too predictable. Increase length and character variety."
    elif 28 <= entropy < 36:
        return "Moderate: Consider adding more unique characters."
    else:
        return "Strong: Your password is robust!"

# Main script
def main():
    print("Welcome to the Password Strength Checker!")
    while True:
        password = input("Enter a password to evaluate (or 'exit' to quit): ")
        if password.lower() == 'exit':
            print("Goodbye!")
            break

        feedback = evaluate_password(password)
        print(f"Password Strength: {feedback}\n")

if __name__ == "__main__":
    main()

Breaking Down the Code

Character Sets

We use string.ascii_lowercase, string.ascii_uppercase, string.digits, and string.punctuation to identify different character types. This allows us to calculate the character pool size dynamically based on the password content.

Entropy Calculation

Entropy is calculated using the formula provided earlier. The math.log2 function computes the logarithm base 2 of the character pool size.

Password Evaluation

The script categorizes passwords into three strength levels:

  • Weak: Entropy < 28 bits.

  • Moderate: Entropy between 28 and 36 bits.

  • Strong: Entropy ≥ 36 bits.

Interactive Input

The main() function allows users to test multiple passwords in an interactive session.


Sample Run

Here’s an example session:

Welcome to the Password Strength Checker!
Enter a password to evaluate (or 'exit' to quit): password123
Password Strength: Weak: Password is too predictable. Increase length and character variety.

Enter a password to evaluate (or 'exit' to quit): P@ssw0rd2024
Password Strength: Moderate: Consider adding more unique characters.

Enter a password to evaluate (or 'exit' to quit): G$h8Z!4xTn@
Password Strength: Strong: Your password is robust!

Enter a password to evaluate (or 'exit' to quit): exit
Goodbye!

Takeaways and Next Steps

  • Why Entropy Matters: Higher entropy means a password is harder to guess or brute force.

  • Balancing Usability and Security: While strong passwords are essential, they should also be memorable. Consider using passphrases (e.g., “HorseBatteryStaple!”).

  • Extend the Script: Add features like a password generator or database checks for leaked passwords (e.g., using the Have I Been Pwned API).

Conclusion

This password strength checker demonstrates how easy it is to implement a practical cybersecurity tool in Python. By understanding the principles behind password strength, you can educate users and help secure digital systems. Feel free to customize the script to suit your needs and share your improvements in the comments!

Happy coding!