| Additions |
Type |
Rate |
Count |
Bonus |
| Number of characters |
Flat |
+(n*4) |
|
|
| Uppercase letters |
Cond/Incr |
+((len-n)*2) |
|
|
| Lowercase Letters |
Cond/Incr |
+((len-n)*2) |
|
|
| Numbers |
Cond |
+(n*4) |
|
|
| Symbols |
Flat |
+(n*6) |
|
|
| Middle numbers or symbols |
Flat |
+(n*2) |
|
|
| Requirements |
Flat |
+(n*2) |
|
|
| Deductions |
Type |
Rate |
Count |
Bonus |
| Letters only |
Flat |
-n |
|
|
| Numbers only |
Flat |
-n |
|
|
| Repeat Characters (case insensitive) |
Comp |
- |
|
|
| Consecutive uppercase letters |
Flat |
-(n*2) |
|
|
| Consecutive lowercase letters |
Flat |
-(n*2) |
|
|
| Consecutive numbers |
Flat |
-(n*2) |
|
|
| Sequential letters (3+) |
Flat |
-(n*3) |
|
|
| Sequential numbers (3+) |
Flat |
-(n*3) |
|
|
| Sequential symbols (3+) |
Flat |
-(n*3) |
|
|
| Legend |
| Exceptional Exceeds minimum standards. Additional bonuses are applied. |
| Sufficient Meets minimum standards. Additional bonuses are applied. |
| Warning Advisory against employing bad practices. Overall score is reduced. |
| Failure Does not meet the minimum standards. Overall score is reduced. |
Additional points are given for increased character variety.
Final score is a cumulative result of all bonuses minus deductions.
Final score is capped with a minimum of 0 and a maximum of 100.
Score and Complexity ratings are not conditional on meeting minimum requirements.
- Flat
-
- Rates that add/remove in non-changing increments.
- Incr
- Rates that add/remove in adjusting increments.
- Cond
- Rates that add/remove depending on additional factors.
- Comp
- Rates that are too complex to summarize. See source code for details.
- n
- Refers to the total number of occurrences.
- len
- Refers to the total password length.
Disclaimer:
This application is designed to assess the strength of password strings.
The instantaneous visual feedback provides the user a means to improve
the strength of their passwords, with a hard focus on breaking the typical
bad habits of faulty password formulation. Since no official weighting
system exists, we created our own formulas to assess the overall strength
of a given password. Please note, that this application does not utilize
the typical "days-to-crack" approach for strength determination.
We have found that particular system to be severely lacking and unreliable
for real-world scenarios. This application is neither perfect nor foolproof,
and should only be utilized as a loose guide in determining methods for improving
the password creation process.
