Need Help Please

I want to create a password textbox that would tell if my password that I input is strong, good or weak

It will tell that my password is strong if it includes numbers, letters and special characters

good if it has letters and numbers

and if it has only letters or numbers it will be classified as weak

Here's the code I used:::

Private Sub TextBox1_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles TextBox1.TextChanged
    Dim t As String = TextBox1.Text
    Dim upper As Integer
    Dim lower As Integer
    Dim numbers As Integer
    Dim other As Integer
    For i = 0 To t.Length - 1
        If Char.IsLetter(t(i)) Then
            If Char.IsUpper(t(i)) Then
                upper += 1
                Label1.Text = "Strong"
                lower += 1
                Label1.Text = "Weak"
            End If
        ElseIf Char.IsNumber(t(i)) Then
            numbers += 1
            Label1.Text = "Medium"
            other += 1
            Label1.Text = "Weak"
        End If
    Dim iSetTotal As Integer = upper + lower + numbers + other '// sum Total.
    If iSetTotal <= 5 Then Label1.BackColor = Color.Red '// if Less than 6.
    If iSetTotal > 5 AndAlso iSetTotal <= 10 Then Label1.BackColor = Color.Orange '// if Greater than 5 and less that 11.
    If iSetTotal > 10 Then Label1.BackColor = Color.Green '// if Greater than 10.
End Sub

End Class

  • But, it seems like it only tells if my password is strong or not depending on the length of the characters

What if i put in the password is "8Aa9$" and i want it to be viewed as a strong password ?

What should i Do ?

What should I Change in the code ?

3 Years
Discussion Span
Last Post by Hiroshe

What if i put in the password is "8Aa9$" and i want it to be viewed as a strong password ?

Even though it's not a strong password at all? ;3

Anyway, I'd probably go with something like this for your specified requirement:

Private Function PasswordStrength(ByVal password As String) As Integer
    Dim strength As Integer = 0

    If password.Any(Function(x) Char.IsLetter(x))
        strength += 1
    End If

    If password.Any(Function(x) Char.IsDigit(x))
        strength += 1
    End If

    If password.Any(Function(x) Char.IsPunctuation(x) Or Char.IsSymbol(x))
        strength += 1
    End If

    Return strength
End Function

Then in the event:

Select Case PasswordStrength(TextBox1.Text)
    Case 0
        Label1.Text = "Invalid Password"
    Case 1
        Label1.Text = "Weak"
    Case 2
        Label1.Text = "Medium"
    Case 3
        Label1.Text = "Strong"
End Select

Password entropy is usually calculated by log2(x) where x is the number of characters in the pool. For example, a password of length 8 using only upper and lower case characters would be

log2(52) * 8 = 45.6

The higher the entropy the better. However, even this number can be misleading. For example, the password "existentialism" has an entropy of 53.3 but is easily cracked in seconds using a dictionary attack. A good password should be

  1. easy to remember
  2. difficult to crack

If your password is a non-short phrase that includes upper and lower case characters and punctuation then it should satisfy both requirements. For example, the phrase

"Open the pod bay doors, Hal."

would have an entropy of roughly 162. I would change the code to calculate the entropy but also require at least

  1. one upper case character
  2. one lower case character
  3. one special character

If you include a digit then the example password could be

2001:Open the pod bay dooors, Hal.

which has an entropy of almost 200 and is still easily remembered.

Edited by Reverend Jim


A more advanced method would be something like as demonstrated here. It's source code is also available for review.

It estimates entropy taking into account dictionaries and common substitutions.

One thing that has been noted before: capital letters have less entropy per keystroke then lowercase letters. (ie, it takes 2 keystrokes to type in "G" which would have less entropy then "gx" which also takes 2 keystrokes), though it's arguable because how you type your password also depends on the positon of your hands (ie, "cWs" might not take extra time, because your left hand has an extra stroke to hold shift with).

Edited by Hiroshe

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.