Password Score is designed to give a realistic estimation of the strength of a password. When speaking of *strength* we need an appropriate measure. A common measure for this purpose is based on information theory and is called entropy. We define the entropy of a password as follows: if $N$ is the number of guesses needed to crack a password with certainty, the entropy is given by the base-2 logarithm of $N$.

A naive way of estimating the number of guesses needed is to assume a brute-force attack. Given a password $p$ we take $N := n^{|p|}$ where $|p|$ is the length of $p$ and $n$ is the number of possible characters. The brute-force approach simply tries all possible combinations of $|p|$ characters. But given human nature, assuming a password to be a random sequence of characters is far too idealistic. Most of us tend to choose passwords made up of common words, names, special numbers - passwords which are easy to remember. So the naive approach highly overestimates the strength of a password.

Therefore every password cracking tool uses dictionaries and lists of common passwords and names to give better performance. Password Score searches a given password for common words, passwords or names - or, in general, for *patterns* within the password. Other possible patterns are keyboard patterns like `qwerty` or sequences like `1234`. Instead of using random numbers we tend to use numbers which have a meaning, like dates - birthdays or anniversaries of any kind.
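The gap between the two estimates can be made concrete. The following is an added example, not code from Password Score and not its API: it computes the brute-force entropy $|p| \cdot \log_2 n$ next to a pattern-aware estimate that splits the password into the cheapest combination of dictionary words, years, sequences and brute-forced single characters. The word list, the assumed dictionary size, the sequence list and all function names are constructed for illustration; summing the bits of the parts and ignoring capitalization are simplifications.

```javascript
// Added illustration; not the Password Score API. All data below is constructed.
const WORDS = new Set(['password', 'dragon', 'monkey', 'summer']); // sample dictionary
const ASSUMED_DICT_SIZE = 10000; // assumption: size of the attacker's word list
const SEQUENCES = ['abcdefghijklmnopqrstuvwxyz', '0123456789',
                   'qwertyuiop', 'asdfghjkl', 'zxcvbnm'];
const SEQ_STARTS = SEQUENCES.reduce((sum, s) => sum + s.length, 0);

// n: size of the character set a brute-force search has to cover (at least 1).
function alphabetSize(p) {
  const n = (/[a-z]/.test(p) ? 26 : 0) + (/[A-Z]/.test(p) ? 26 : 0) +
            (/[0-9]/.test(p) ? 10 : 0) + (/[^a-zA-Z0-9]/.test(p) ? 33 : 0);
  return Math.max(n, 1);
}

// Naive estimate: log2(n^|p|) = |p| * log2(n).
function bruteForceEntropy(p) {
  return p.length * Math.log2(alphabetSize(p));
}

// Bits needed to guess substring s as a single pattern; Infinity if none matches.
function patternBits(s) {
  const t = s.toLowerCase();
  let bits = Infinity;
  if (WORDS.has(t)) bits = Math.min(bits, Math.log2(ASSUMED_DICT_SIZE));
  if (/^(19|20)\d\d$/.test(t)) bits = Math.min(bits, Math.log2(200)); // year 1900-2099
  if (t.length >= 3 && SEQUENCES.some(q => q.includes(t)))
    bits = Math.min(bits, Math.log2(SEQ_STARTS) + Math.log2(t.length)); // start + length
  return bits;
}

// Dynamic programming over prefixes: cheapest split of p into matched
// patterns and brute-forced single characters.
function patternEntropy(p) {
  const perChar = Math.log2(alphabetSize(p));
  const best = [0]; // best[i] = minimal bits for the first i characters
  for (let i = 1; i <= p.length; i++) {
    best[i] = best[i - 1] + perChar;
    for (let j = 0; j < i; j++)
      best[i] = Math.min(best[i], best[j] + patternBits(p.slice(j, i)));
  }
  return best[p.length];
}

for (const p of ['password1234', 'Summer1992', 'x7#Qm2'])
  console.log(p, bruteForceEntropy(p).toFixed(1), patternEntropy(p).toFixed(1));
```

For a password without any known pattern both estimates coincide; for passwords built from a word plus a sequence or year the pattern-aware estimate is far lower.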

The project can be found on GitHub and includes documentation and a simple demonstration page which can be found here. The project is not a visual strength meter as used in registration forms and modern web applications. The library simply gives an estimation of a password's strength measured in entropy and based on several data sources like dictionaries, common passwords or keyboards. Thus the library may be used to implement visual strength meters.

An example of a visual strength meter based on Password Score can be found on GitHub and is based on Twitter Bootstrap's progress bars - work still in progress.

The data sources used for dictionaries, password lists etc. can be found on GitHub.

Your opinion on this article? Let me know your thoughts on Twitter @davidstutz92 or LinkedIn in/davidstutz92.