Additions |
Type |
Rate |
Count |
Bonus |
Number of characters |
Flat |
+(n*4) |
|
|
Uppercase letters |
Cond/Incr |
+((len-n)*2) |
|
|
Lowercase Letters |
Cond/Incr |
+((len-n)*2) |
|
|
Numbers |
Cond |
+(n*4) |
|
|
Symbols |
Flat |
+(n*6) |
|
|
Middle numbers or symbols |
Flat |
+(n*2) |
|
|
Requirements |
Flat |
+(n*2) |
|
|
Deductions |
Type |
Rate |
Count |
Bonus |
Letters only |
Flat |
-n |
|
|
Numbers only |
Flat |
-n |
|
|
Repeat Characters (case insensitive) |
Comp |
- |
|
|
Consecutive uppercase letters |
Flat |
-(n*2) |
|
|
Consecutive lowercase letters |
Flat |
-(n*2) |
|
|
Consecutive numbers |
Flat |
-(n*2) |
|
|
Sequential letters (3+) |
Flat |
-(n*3) |
|
|
Sequential numbers (3+) |
Flat |
-(n*3) |
|
|
Sequential symbols (3+) |
Flat |
-(n*3) |
|
|
Legend |
Exceptional Exceeds minimum standards. Additional bonuses are applied. |
Sufficient Meets minimum standards. Additional bonuses are applied. |
Warning Advisory against employing bad practices. Overall score is reduced. |
Failure Does not meet the minimum standards. Overall score is reduced. |
Additional points are given for increased character variety.
Final score is a cumulative result of all bonuses minus deductions.
Final score is capped with a minimum of 0 and a maximum of 100.
Score and Complexity ratings are not conditional on meeting minimum requirements.
- Flat
-
- Rates that add/remove in non-changing increments.
- Incr
- Rates that add/remove in adjusting increments.
- Cond
- Rates that add/remove depending on additional factors.
- Comp
- Rates that are too complex to summarize. See source code for details.
- n
- Refers to the total number of occurrences.
- len
- Refers to the total password length.
Disclaimer:
This application is designed to assess the strength of password strings.
The instantaneous visual feedback provides the user a means to improve
the strength of their passwords, with a hard focus on breaking the typical
bad habits of faulty password formulation. Since no official weighting
system exists, we created our own formulas to assess the overall strength
of a given password. Please note, that this application does not utilize
the typical "days-to-crack" approach for strength determination.
We have found that particular system to be severely lacking and unreliable
for real-world scenarios. This application is neither perfect nor foolproof,
and should only be utilized as a loose guide in determining methods for improving
the password creation process.