- First of all, check for a list of well-known easy to break passwords to foil a dictionary attack, and reject it if it’s there.
- Then check that it’s at least 8 characters, and reject it if it’s not.
- Then implement a counter to measure how secure it is by various checks.
- Then add to the rating if it’s more than 12 characters.
- Add to the rating if it contains lowercase letters.
- Add to the rating if it contains uppercase letters.
- Add to the rating if it contains numbers.
- Add to the rating if it contains nonalphanumeric characters.
- Finally, convert the result to a percentage score and return it as an integer.
The finished article’s available here as a .zip file if you’d like to use it, or just take a look at the code. Be warned, it’s quite long due to the fact that the list of insecure passwords I used had in excess of 3,000 entries in it! It includes a very simple HTML form which will allow you to submit a function and will return a score for it via an alert() dialogue. Feel free to use it if you wish!