Check password strength in Java example shows how to check password strength in Java. The example also shows how to check password strength using a regular expression.
Previously we covered how to validate username using regular expression and how to validate passwords using regular expression in Java. This example will show you how to check password strength using Java regular expression.
How to check password strength in Java?
Many websites show the strength of the password entered by the user to help them choose the stronger password during the registration process. Have you ever wondered how to do it? Well, this example will show you how.
Strength of the password can be calculated using various parameters like,
1) The total length of the password
2) The number of upper case and lower case letters
3) The number of digits in the password
4) The number of special characters in the password.
If the password has all these combinations, then it is generally considered to be a strong password. If the password contains many of them, then it might be of medium strength. If it contains very few combinations then it is considered to be a weak password.
We are going to calculate the password strength score between 0 and 10 depending upon the below criteria using the Java regular expression (RegEx).
Score Criteria:
1) If password length is less than 8, the password is very weak and the score will be zero. If password length is between 8 and 10, a score of 1 will be given. If password length is more than 10, a score of 2 will be given.
2) If the password contains at least 1 digit, a score of 2 will be given.
3) If the password contains at least 1 lower case letter, a score of 2 will be given.
4) If the password contains at least 1 upper case letter, a score of 2 will be given.
5) If the password contains at least 1 special character out of “~!@#$%^&*()_-“ characters, a score of 2 will be given.
Here is the example program to calculate password score based on above given criteria.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
package com.javacodeexamples.regex; public class CheckPasswordStrengthExample { public static void main(String[] args) { //test password strings String[] strPasswords = { "password", "password1a", "password01", "Password01", "P@ssword01", "abcd", "mypassword", "00000000", "AlphaRomeo4c", "fiatlinea2014", "F@rd1co", "F@rd1coSports", "Suzuki@lpha2016", "!vwvento2015", "!@#$%^&*Aa1", "myDream1@$$", "HelloWorld@001!" }; System.out.println("Java check password strength example passwords"); for(String password : strPasswords) System.out.println( password + ": " + calculatePasswordStrength(password) ); } private static int calculatePasswordStrength(String password){ //total score of password int iPasswordScore = 0; if( password.length() < 8 ) return 0; else if( password.length() >= 10 ) iPasswordScore += 2; else iPasswordScore += 1; //if it contains one digit, add 2 to total score if( password.matches("(?=.*[0-9]).*") ) iPasswordScore += 2; //if it contains one lower case letter, add 2 to total score if( password.matches("(?=.*[a-z]).*") ) iPasswordScore += 2; //if it contains one upper case letter, add 2 to total score if( password.matches("(?=.*[A-Z]).*") ) iPasswordScore += 2; //if it contains one special character, add 2 to total score if( password.matches("(?=.*[~!@#$%^&*()_-]).*") ) iPasswordScore += 2; return iPasswordScore; } } |
Output
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
Java check password strength example passwords password: 3 password1a: 6 password01: 6 Password01: 8 P@ssword01: 10 abcd: 0 mypassword: 4 00000000: 3 AlphaRomeo4c: 8 fiatlinea2014: 6 F@rd1co: 0 F@rd1coSports: 10 Suzuki@lpha2016: 10 !vwvento2015: 8 !@#$%^&*Aa1: 10 myDream1@$$: 10 HelloWorld@001!: 10 |
We used positive look ahead regular expressions to validate the password strength criteria. For example, expression “(?=.*[0-9]).*” checks whether the String contains any digits where,
|
1 2 3 4 |
?= - positive look ahead expression to assert the following condition .* - any character [0-9] - followed by any digit .* - followed by any character 0 or more times |
The same has been done for checking the lower case letter, upper case letter and special character requirements.
Here is the slightly modified calculatePasswordStrength method which also checks for the number of times a digit, upper case letter, and special character gets repeated in the password string.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
private static int calculatePasswordStrength(String password){ int iPasswordScore = 0; if( password.length() < 8 ) return 0; else if( password.length() >= 10 ) iPasswordScore += 2; else iPasswordScore += 1; /* * if password contains 2 digits, add 2 to score. * if contains 1 digit add 1 to score */ if( password.matches("(?=.*[0-9].*[0-9]).*") ) iPasswordScore += 2; else if ( password.matches("(?=.*[0-9]).*") ) iPasswordScore += 1; //if password contains 1 lower case letter, add 2 to score if( password.matches("(?=.*[a-z]).*") ) iPasswordScore += 2; /* * if password contains 2 upper case letters, add 2 to score. * if contains only 1 then add 1 to score. */ if( password.matches("(?=.*[A-Z].*[A-Z]).*") ) iPasswordScore += 2; else if( password.matches("(?=.*[A-Z]).*") ) iPasswordScore += 1; /* * if password contains 2 special characters, add 2 to score. * if contains only 1 special character then add 1 to score. */ if( password.matches("(?=.*[~!@#$%^&*()_-].*[~!@#$%^&*()_-]).*") ) iPasswordScore += 2; else if( password.matches("(?=.*[~!@#$%^&*()_-]).*") ) iPasswordScore += 1; return iPasswordScore; } |
Output
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
Java check password strength example passwords password: 3 password1a: 5 password01: 6 Password01: 7 P@ssword01: 8 abcd: 0 mypassword: 4 00000000: 3 AlphaRomeo4c: 7 fiatlinea2014: 6 F@rd1co: 0 F@rd1coSports: 8 Suzuki@lpha2016: 8 !vwvento2015: 7 !@#$%^&*Aa1: 8 myDream1@$$: 8 HelloWorld@001!: 10 |
We modified our method to check for the number of occurrences too using a regular expression. For example, “(?=.*[0-9].*[0-9]).*” expression checks if the string contains at least 2 digits where,
|
1 2 3 4 5 6 |
?= - positive look ahead for the following condition .* - any character [0-9] - followed by any digit .* - followed by any character [0-9] - followed by any digit (so total 2) .* - followed by any character |
You can add or remove any criteria to match your exact requirements.
This example is a part of the String in Java tutorial and Java RegEx tutorial.
Please let me know your views in the comments section below.
About the author
- Gson – Serialize HashMap null entries - April 5, 2023
- Gson: Convert String to JsonObject without POJO - April 5, 2023
- Gson – Convert JSON to a Typed ArrayList - April 5, 2023
You are Great, for students, who want to learn coding ideas with simple and quick you. So, Thank you very much.
Hi Ghanshyam,
Thank you very much for your kind words. I am glad that it is helpful. Do checkout the quiz section.
Hi Rahim,
doing good work
Hello Sudhakar,
Thank you for your kind words. I am glad to help.