密码强度计

我有一个情况下,我希望能够在我的系统的网络界面评级用户密码,以便在他们点击提交之前,他们知道如果他们有一个错误的密码。

主要要求:

  • 必须能够对密码进行评级,而不仅仅是通过/失败。
  • 如果密码低于阈值,则应禁用表单,这样用户就无法提交表单。
  • 看起来不错
  • 不要使用 jQuery-我们目前在这个系统中使用的是 Mochikit 和 Y! UI。

我发现许多密码表是用 jQuery 编写的,像 http://www.passwordmeter.com/这样的密码表太冗长了。

有没有人能给出一个我可以使用的 javascript 密码评估器的好建议,或者给出一个如何编写密码评估器的例子?

117495 次浏览
小开
最佳答案

Here's a collection of scripts: http://webtecker.com/2008/03/26/collection-of-password-strength-scripts/ (archived link)

I think both of them rate the password and don't use jQuery... but I don't know if they have native support for disabling the form?

小开 
Password Strength Algorithm:


Password Length:
5 Points: Less than 4 characters
10 Points: 5 to 7 characters
25 Points: 8 or more


Letters:
0 Points: No letters
10 Points: Letters are all lower case
20 Points: Letters are upper case and lower case


Numbers:
0 Points: No numbers
10 Points: 1 number
20 Points: 3 or more numbers


Characters:
0 Points: No characters
10 Points: 1 character
25 Points: More than 1 character


Bonus:
2 Points: Letters and numbers
3 Points: Letters, numbers, and characters
5 Points: Mixed case letters, numbers, and characters


Password Text Range:


>= 90: Very Secure
>= 80: Secure
>= 70: Very Strong
>= 60: Strong
>= 50: Average
>= 25: Weak
>= 0: Very Weak

Settings Toggle to true or false, if you want to change what is checked in the password

var m_strUpperCase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
var m_strLowerCase = "abcdefghijklmnopqrstuvwxyz";
var m_strNumber = "0123456789";
var m_strCharacters = "!@#$%^&*?_~"


Check password




function checkPassword(strPassword)
{
// Reset combination count
var nScore = 0;


// Password length
// -- Less than 4 characters
if (strPassword.length < 5)
{
nScore += 5;
}
// -- 5 to 7 characters
else if (strPassword.length > 4 && strPassword.length < 8)
{
nScore += 10;
}
// -- 8 or more
else if (strPassword.length > 7)
{
nScore += 25;
}


// Letters
var nUpperCount = countContain(strPassword, m_strUpperCase);
var nLowerCount = countContain(strPassword, m_strLowerCase);
var nLowerUpperCount = nUpperCount + nLowerCount;
// -- Letters are all lower case
if (nUpperCount == 0 && nLowerCount != 0)
{
nScore += 10;
}
// -- Letters are upper case and lower case
else if (nUpperCount != 0 && nLowerCount != 0)
{
nScore += 20;
}


// Numbers
var nNumberCount = countContain(strPassword, m_strNumber);
// -- 1 number
if (nNumberCount == 1)
{
nScore += 10;
}
// -- 3 or more numbers
if (nNumberCount >= 3)
{
nScore += 20;
}


// Characters
var nCharacterCount = countContain(strPassword, m_strCharacters);
// -- 1 character
if (nCharacterCount == 1)
{
nScore += 10;
}
// -- More than 1 character
if (nCharacterCount > 1)
{
nScore += 25;
}


// Bonus
// -- Letters and numbers
if (nNumberCount != 0 && nLowerUpperCount != 0)
{
nScore += 2;
}
// -- Letters, numbers, and characters
if (nNumberCount != 0 && nLowerUpperCount != 0 && nCharacterCount != 0)
{
nScore += 3;
}
// -- Mixed case letters, numbers, and characters
if (nNumberCount != 0 && nUpperCount != 0 && nLowerCount != 0 && nCharacterCount != 0)
{
nScore += 5;
}




return nScore;
}


// Runs password through check and then updates GUI




function runPassword(strPassword, strFieldID)
{
// Check password
var nScore = checkPassword(strPassword);




// Get controls
var ctlBar = document.getElementById(strFieldID + "_bar");
var ctlText = document.getElementById(strFieldID + "_text");
if (!ctlBar || !ctlText)
return;


// Set new width
ctlBar.style.width = (nScore*1.25>100)?100:nScore*1.25 + "%";


// Color and text
// -- Very Secure
/*if (nScore >= 90)
{
var strText = "Very Secure";
var strColor = "#0ca908";
}
// -- Secure
else if (nScore >= 80)
{
var strText = "Secure";
vstrColor = "#7ff67c";
}
// -- Very Strong
else
*/
if (nScore >= 80)
{
var strText = "Very Strong";
var strColor = "#008000";
}
// -- Strong
else if (nScore >= 60)
{
var strText = "Strong";
var strColor = "#006000";
}
// -- Average
else if (nScore >= 40)
{
var strText = "Average";
var strColor = "#e3cb00";
}
// -- Weak
else if (nScore >= 20)
{
var strText = "Weak";
var strColor = "#Fe3d1a";
}
// -- Very Weak
else
{
var strText = "Very Weak";
var strColor = "#e71a1a";
}


if(strPassword.length == 0)
{
ctlBar.style.backgroundColor = "";
ctlText.innerHTML =  "";
}
else
{
ctlBar.style.backgroundColor = strColor;
ctlText.innerHTML =  strText;
}
}


// Checks a string for a list of characters
function countContain(strPassword, strCheck)
{
// Declare variables
var nCount = 0;


for (i = 0; i < strPassword.length; i++)
{
if (strCheck.indexOf(strPassword.charAt(i)) > -1)
{
nCount++;
}
}


return nCount;
}

You can customize by yourself according to your requirement.

小开

Update: created a js fiddle here to see it live: http://jsfiddle.net/HFMvX/

I went through tons of google searches and didn't find anything satisfying. i like how passpack have done it so essentially reverse-engineered their approach, here we go:

function scorePassword(pass) {
var score = 0;
if (!pass)
return score;


// award every unique letter until 5 repetitions
var letters = new Object();
for (var i=0; i<pass.length; i++) {
letters[pass[i]] = (letters[pass[i]] || 0) + 1;
score += 5.0 / letters[pass[i]];
}


// bonus points for mixing it up
var variations = {
digits: /\d/.test(pass),
lower: /[a-z]/.test(pass),
upper: /[A-Z]/.test(pass),
nonWords: /\W/.test(pass),
}


var variationCount = 0;
for (var check in variations) {
variationCount += (variations[check] == true) ? 1 : 0;
}
score += (variationCount - 1) * 10;


return parseInt(score);
}

Good passwords start to score around 60 or so, here's function to translate that in words:

function checkPassStrength(pass) {
var score = scorePassword(pass);
if (score > 80)
return "strong";
if (score > 60)
return "good";
if (score >= 30)
return "weak";


return "";
}

you might want to tune this a bit but i found it working for me nicely


提交答案