See also What is the best way to check the strength of a password?
Some applications (or websites) compute a password complexity when you type it. They typically display a red bar which turns orange, then green, then even greener as your password gets longer and contains more classes of characters (i.e. lowercase, uppercase, punctuation, digits...)
Here's the algorithm I use.
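    // Requires "using System;" for Math.Min.
    private int GetPasswordComplexity(string password)
    {
        if (password.Length <= 4)
            return 1;

        int complexity = 0;
        int digit = 0;
        int letter = 0;
        int cap = 0;
        int other = 0;

        for (int i = 0; i < password.Length; i++)
        {
            char c = password[i];
            if (char.IsDigit(c))
            {
                // A digit in the last position is ignored
                // (previously it fell through and was counted as "other").
                if (i != password.Length - 1)
                    digit = 1;
            }
            else if (char.IsLower(c))
                letter = 1;
            else if (char.IsUpper(c))
            {
                // A capital in the first position is ignored.
                if (i != 0)
                    cap = 1;
            }
            else
                other = 1;
        }

        // One point per character class present.
        complexity = digit + letter + cap + other;

        // Passwords of 7 characters or fewer are capped at 3.
        if (password.Length <= 7)
            complexity = Math.Min(3, complexity);

        return complexity;
    }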
I'm concerned by the fact that my algorithm would rate "Password1!" as "very strong" and "]@feé:m" as "weak" because it's only 7 chars long.
EDIT : I've slightly updated the algorithm to ignore Capital letters and digits when they're respectively the first and the last char of the password.
Does anyone here have experience with this kind of problem? How would you add a dictionary to detect common words?
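One way a dictionary check could sit on top of a character-class score like the one above, as an added example that is not part of the original post. The class name, method names, substitution map and the five-word list are all assumptions made for illustration; the score passed in stands for whatever the character-class check returned.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

static class DictionaryCheck
{
    // Constructed sample list; a real check would load a large list of common or breached passwords.
    static readonly string[] CommonWords = { "password", "letmein", "qwerty", "dragon", "welcome" };

    // Assumed, non-exhaustive map of common character substitutions back to letters.
    static readonly Dictionary<char, char> Substitutions = new Dictionary<char, char>
    {
        { '0', 'o' }, { '1', 'l' }, { '3', 'e' }, { '4', 'a' },
        { '5', 's' }, { '7', 't' }, { '@', 'a' }, { '$', 's' }
    };

    // Lower-case the password, drop trailing digits and punctuation, then undo substitutions.
    public static string Normalize(string password)
    {
        int end = password.Length;
        while (end > 0 && !char.IsLetter(password[end - 1]))
            end--;
        var sb = new StringBuilder(end);
        foreach (char c in password.Substring(0, end).ToLowerInvariant())
            sb.Append(Substitutions.TryGetValue(c, out char mapped) ? mapped : c);
        return sb.ToString();
    }

    // True when the normalized password contains any listed word as a substring.
    public static bool ContainsCommonWord(string password)
    {
        string core = Normalize(password);
        return CommonWords.Any(w => core.Contains(w));
    }

    // classScore is the 1-4 value from a character-class check such as the one in the question.
    public static int ApplyDictionaryPenalty(string password, int classScore)
    {
        return ContainsCommonWord(password) ? 1 : classScore;
    }

    static void Main()
    {
        Console.WriteLine(ApplyDictionaryPenalty("Password1!", 3)); // dictionary hit
        Console.WriteLine(ApplyDictionaryPenalty("P@ssw0rd99", 4)); // hit after normalization
        Console.WriteLine(ApplyDictionaryPenalty("]@feé:m", 3));    // no hit, score unchanged
    }
}
```

Trimming trailing decoration before undoing substitutions matters: mapping `1` and other trailing characters to letters first would turn "Password1!" into a string that still contains the word but pollutes shorter matches.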