1 Topic by AD1408 (edited by AD1408 2017-04-19 10:45:32)

  • Registered: 2016-07-28
  • Posts: 1,028

Topic: Password strength meter

Could anybody code a password strength meter?

Strength meter would be active. While typing characters into password field meter would be updated, showing how many bits and characters.


Also I add check for re-enter script to button save as follows:

procedure frmDetails_btnSAVE_OnClick (Sender: string; var Cancel: boolean);
begin
    if not (frmDetails.edPassword.Text = frmDetails.edReEnterPassw.Text) then
    begin
      ShowMessage('Please re-enter password correctly.');
      frmDetails.edReEnterPassw.Clear;
    end;
end;

It checks  OK but it results in blocking save?


edit:
---------------
I used the following for checking re-enter with additional save button. It seems to be working OK but not sure if it's a correct approach.

procedure frmDetails_btnSAVE_OnClick (Sender: string; var Cancel: boolean);
begin
onClick1;
onClick2;
end;

procedure onClick1;
begin
    if not (frmDetails.edPassword.Text = frmDetails.edReEnterPassw.Text) then
    begin
      ShowMessage('Please re-enter password correctly.');
      frmDetails.edReEnterPassw.Clear;
    end;
end;

procedure onClick2;
begin
    if (frmDetails.edPassword.Text = frmDetails.edReEnterPassw.Text) then
    begin
      frmDetails.btnSAVEfake.Click;
    end;
end;

Please see the attached sample project:

Post's attachments

Attachment icon Password - Strength Meter.zip 7.87 kb, 416 downloads since 2017-04-18 

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2014-02-14
  • Posts: 10,294

Re: Password strength meter

Do you mean something like this:
https://www.my1login.com/resources/pass … ngth-test/


Or you want just to see how many characters in a password?

Dmitry.
  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter

Do you mean something like this:
https://www.my1login.com/resources/pass … ngth-test/

Yes, that looks good.


Or you want just to see how many characters in a password?

Characters is just something extra next to meter but this feature is not that important.

Adam
God... please help me become the person my dog thinks I am.

4 Reply by mathmathou (edited by mathmathou 2017-04-19 22:53:55)

  • Registered: 2015-02-24
  • Posts: 446

Re: Password strength meter

Hello AD

Something like this could do it :

procedure frmDetails_edPassword_OnChange (Sender: string);
var
    pass_l : Integer;
begin
    pass_l := length(frmDetails.edPassword.Text);
        if pass_l < 5 then frmDetails.edPassword.Color := $008080FF
        else if (pass_l >= 5) and (pass_l < 8) then frmDetails.edPassword.Color := $0051A8FF
        else if pass_l >= 8 then frmDetails.edPassword.Color := clLime;
end;

Measuring the length of the password on the onChange event of the edit field is one basic approach. If you want to check to composition of the password as well, this is another story smile


Adjust the colors and the steps to your needs.


Hope this helps


Math

I'm a very good housekeeper !
Each time I get a divorce, I keep the house
Zaza Gabor
  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter

Hi Math,


Thanks for the nice little script. It's very useful indeed for various tasks. As you have pointed out it's too basic for the purposes and will give misleading feedback to user.


What Dmitry showed as example is great as it checks various aspects of a password and provides good amount of information:

Do you mean something like this:
https://www.my1login.com/resources/pass … ngth-test/

.
Hopefully Dmitry can give us something like the one above, "my1login..." one.


I found some discussions and examples on password meter but they are beyond me. I'm putting some of those links as they may be a quick reference for advanced coders here:
http://www.delphigroups.info/2/d6/413956.html
http://www.delphipraxis.net/1052507-post36.html
http://www.delphipraxis.net/1052459-post30.html
http://forums.unigui.com/index.php?/top … wordmeter/

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2014-02-14
  • Posts: 10,294

Re: Password strength meter

function StrengthMeter(sPassword: string): string;
var
    LowerCase, UpperCase, Numbers, Symbols: boolean;
    iLength, i: integer;
begin
    LowerCase := False;
    UpperCase := False;
    Numbers   := False;
    Symbols   := False;

    iLength := Length(sPassword);

    for i := 1 to iLength do
        if (ord(sPassword[i]) >= 97) and (ord(sPassword[i]) <= 122) then LowerCase := True;

    for i := 1 to iLength do
        if (ord(sPassword[i]) >= 65) and (ord(sPassword[i]) <= 90) then UpperCase := True;

    for i := 1 to iLength do
        if (ord(sPassword[i]) >= 48) and (ord(sPassword[i]) <= 57) then Numbers := True;

    for i := 1 to iLength do
        if not((ord(sPassword[i]) >= 97) and (ord(sPassword[i]) <= 122)) and
           not((ord(sPassword[i]) >= 65) and (ord(sPassword[i]) <= 90)) and
           not((ord(sPassword[i]) >= 48) and (ord(sPassword[i]) <= 57)) then Symbols := True;


    if iLength <= 4 then result := 'Very weak';

    if (iLength >=5) and (iLength <=6) then
    begin
        if LowerCase and UpperCase and Numbers and Symbols then result := 'Medium'
        else if LowerCase and UpperCase and Numbers then result := 'Weak'
        else if LowerCase and UpperCase then result := 'Weak'
        else result := 'Very weak';
    end;

    if (iLength >=7) and (iLength <=8) then
    begin
        if LowerCase and UpperCase and Numbers and Symbols then result := 'Strong'
        else if LowerCase and UpperCase and Numbers then result := 'Medium'
        else if LowerCase and UpperCase then result := 'Weak'
        else result := 'Weak';
    end;

    if (iLength >=9) and (iLength <=10) then
    begin
        if LowerCase and UpperCase and Numbers and Symbols then result := 'Very Strong'
        else if LowerCase and UpperCase and Numbers then result := 'Strong'
        else if LowerCase and UpperCase then result := 'Medium'
        else result := 'Medium';
    end;

    if (iLength >=11) and (iLength <=13) then
    begin
        if LowerCase and UpperCase and Numbers and Symbols then result := 'Very Strong'
        else if LowerCase and UpperCase and Numbers then result := 'Very Strong'
        else if LowerCase and UpperCase then result := 'Strong'
        else result := 'Strong';
    end;

    if (iLength >=14) then result := 'Very Strong'

end;


procedure Form1_Edit1_OnChange (Sender: string);
begin
    Form1.Label1.Caption := StrengthMeter(Form1.Edit1.Text);
end;


Project:

Post's attachments

Attachment icon Password strength meter.zip 6.33 kb, 416 downloads since 2017-04-20 

Dmitry.
  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter

Hi Dmitry,


Great stuff................
Thank you very much................

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter

Hi Dmitry,


I was testing password meter and applied to my project and it works fine.


One thing I noticed, while password meter identifies the password   12245678910121  as very strong, online tester my1login identifies it as medium.

https://s14.postimg.org/ub9gzk1gh/zzzzz_Temp22.png

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2014-02-14
  • Posts: 10,294

Re: Password strength meter

AD1408
I did an approximate algorithm of password meter, you can change the script to fix it.

Dmitry.

10 Reply by AD1408 (edited by AD1408 2017-04-21 05:46:22)

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter

DriveSoft wrote:

AD1408
I did an approximate algorithm of password meter, you can change the script to fix it.


Thanks Dmitry...


I wanted to display strength label1 value on another form. I put the following under onCellClick event: 

Form1.Label2.Caption := StrengthMeter(frmDetails.edPassword.Text)+ inttostr(Form1.tgPaswords.dbitemid);

but nearest i could get it display Very weak1, Very weak2 etc. Your kind correction would be appreciated.


Edit:
------
Looks like I was thinking wrong way around. Adding a another procedure below for form1  worked OK beside frmDetails :

procedure Form1_edMainPassword_OnChange (Sender: string);
begin
  Form1.Label1.Caption := StrengthMeter(Form1.edMainPassword.Text);
end;

Once again, thank you very much Dmitry.....

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2014-02-14
  • Posts: 10,294

Re: Password strength meter

AD1408
Unfortunately I can't understand what exactly you want to do. Why you use onCellClick event?

Dmitry.

12 Reply by AD1408 (edited by AD1408 2017-04-21 09:01:52)

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter

DriveSoft wrote:

AD1408
Unfortunately I can't understand what exactly you want to do. Why you use onCellClick event?


Edit:
------
Looks like I was thinking wrong way around. Adding a another procedure below for form1  worked OK beside frmDetails :
procedure Form1_edMainPassword_OnChange (Sender: string);
begin
  Form1.Label1.Caption := StrengthMeter(Form1.edMainPassword.Text);
end;

All good Dmitry. The above works.

Adam
God... please help me become the person my dog thinks I am.

13 Reply by nrmuduli (edited by nrmuduli 2017-05-03 06:13:22)

  • Registered: 2015-12-24
  • Posts: 55

Re: Password strength meter

can anybody optimize the attached project?

Post's attachments

Attachment icon PWSTRENGTH.zip 22.85 kb, 543 downloads since 2017-05-03 

  • Registered: 2014-02-14
  • Posts: 10,294

Re: Password strength meter

nrmuduli
Thank you for the example.

Dmitry.