Skip to content

Instantly share code, notes, and snippets.

@ArrayIterator
Last active May 12, 2024 05:32
Show Gist options
  • Save ArrayIterator/46fe3cca551d91784e074e605716e85a to your computer and use it in GitHub Desktop.
Save ArrayIterator/46fe3cca551d91784e074e605716e85a to your computer and use it in GitHub Desktop.
Simple Password Strength Checker & Generator - https://github.com/ArrayIterator/simple-passwordscore
/**
* Simple Password Strength Checker
* ~ Password Score based on the following rules:
* PasswordScore(password: string, username: string|null): number
* ~ Generate Password based on the following rules:
* GeneratePassword(length: number = 12): string
* ~ Password Strength Level:
* PASSWORD_WEAK: 0
* PASSWORD_MEDIUM: 1
* PASSWORD_STRONG: 2
* PASSWORD_VERY_STRONG: 3
* PASSWORD_FAILED: -1
*/
const PASSWORD_WEAK = 0;
const PASSWORD_MEDIUM = 1;
const PASSWORD_STRONG = 2;
const PASSWORD_VERY_STRONG = 3;
const PASSWORD_FAILED = -1;
const dictionaries = {
common: [
'pas+wor[dt]', 'sandi', 'rahasia',
'secret', 'jesus', 'holy', 'praise',
'horse', 'pony', 'unicorn', 'dragon', 'football', 'baseball', 'soccer',
'hockey', 'ncc1701', 'sword', 'access', 'root', 'super', 'linux',
'i\s*love\s*y?o?u', 'trust', 'princess', 'sunshine', 'shadow',
'ashley', 'blink182', 'cheese', 'chicken', 'pepper', 'coffee', 'cookie',
'diamond', 'falcon', 'freedom', 'ginger', 'hammer', 'summer', 'thunder',
'william', 'winner', 'wizard', 'halo', 'gandalf', 'bond007', 'brandon',
'jami?es?', 'steven?', 'rachel', 'daniel', 'george', 'compaq', 'merlin',
'chris', 'crystal', 'dallas', 'michelle', 'michael', 'master', 'github',
'losalamos', 'nuclear', 'losangeles', 'newyork', 'sanfrancisco',
'animal', 'planet', 'galaxy', 'universe', 'solar', 'system', 'star',
'anime', 'manga', 'cartoon', 'comic', 'movie', 'series', 'drama',
'television', 'music', 'song', 'lyric', 'album', 'artist?', 'band', 'guitar', 'drum',
'lagu', 'lirik', 'gitar',
'bass', 'keyboard', 'piano', 'violin', 'cello', 'trumpet', 'saxophone',
'clarinet', 'flute', 'oboe', 'trombone', 'harmoni[kc]a',
'seruling', 'harpa', 'java', 'python', 'javascript', 'typescript', 'html',
'freedom', 'liberty', 'independence', 'democracy', 'republic', 'monarchy',
'merdeka', 'merahputih', 'bh*in+eka', 'tunggal', 'unity', 'diversity',
'antelope', 'bear', 'bird', 'bison', 'buffalo', 'butterfly', 'camel',
'cattle', 'cheetah', 'chicken', 'chimpanzee', 'crab',
'crocodile', 'deer', 'dog', 'dolphin', 'duck', 'eagle', 'elephant',
'gajah', 'flamingo', 'fox', 'frog', 'giraffe', 'goat', 'goldfish',
'semut', 'katak', 'jerapah', 'kambing', 'ikan', 'hamster', 'kuda',
'kangaroo', 'koala', 'lion', 'lizard', 'lobster', 'monkey', 'moose',
'kang+uru', 'nyamuk', 'singa', 'kadal', 'lobster', 'monyet', 'rusa',
'sapi', 'facebook', 'instagram', 'twitter', 'youtube', 'google',
'pinterest', 'tumblr', 'reddit', 'linkedin', 'whatsapp', 'telegram',
'yahoo', 'bing', 'amazon', 'ebay', 'paypal', 'apple', 'microsoft',
'android', 'linux', 'unix', 'windows', 'macos', 'safari', 'chrome',
'firefox', 'opera', 'edge', 'explorer', 'brave', 'vivaldi', 'browser',
'ubuntu', 'debian', 'centos', 'fedora', 'redhat', '(open\s*)?suse', 'slackware',
'power', 'ranger', 'angel', 'demon', 'devil', 'heaven', 'hell', 'earth',
'bimasakti', 'galaksi', 'sistem', 'bintang', 'matahari',
],
places: [
'afgh?anistan', 'albania', 'algeria', 'andor+a', 'angola', 'antigua', 'barbuda',
'argentina', 'armenia', 'australia', 'austria', 'azerbaijan', 'bahamas?', 'bahrain',
'bangladesh?', 'barbados', 'belarus', 'belgium', 'belize', 'benin', 'bhutan', 'bolivia',
'bosnia', 'herzegovina', 'botswana', 'bra[zs]il', 'brunei', 'bulgaria', 'burkina', 'burundi',
'cambodia', 'cameroon', 'canada', 'cape\s*verde', 'central\s*african\s*republic',
'chad', 'chile', 'china', 'colombia', 'comoros', 'congo', 'costa\s*rica', 'croatia',
'cuba', 'cyprus', 'czech', 'denmark', 'djibouti', 'dominica', 'dominican\s*republic',
'east\s*timor', 'ecuador', 'egypt', 'el\s*salvador', 'equatorial\s*guinea', 'eritrea',
'estonia', 'ethiopia', 'fiji', 'finland', 'france', 'gabon', 'gambia', 'georgia',
'germany', 'ghana', 'greece', 'grenada', 'guatemala', 'guinea', 'guinea-bissau',
'guyana', 'haiti', 'honduras', 'hungary', 'iceland', 'india', 'indonesia', 'iran',
'iraq', 'ire?land(ia)?', 'jabooty', 'jamaica', 'japan', 'jordan', 'kazakhstan',
'kenya', 'kiribati', 'korea', 'kosovo', 'kuwait', 'kyrgyzstan', 'laos', 'latvia',
'lebanon', 'lesotho', 'liberia', 'libya', 'liechtenstein', 'lithuania', 'luxembourg',
'macedonia', 'madagascar', 'malawi', 'malaysia', 'maldives', 'mali', 'malta', 'marshall',
'mauritania', 'mauritius', 'mexico', 'micronesia', 'moldova', 'monaco', 'mongolia',
'montenegro', 'morocco', 'mozambique', 'myanmar', 'namibia', 'nauru', 'nepal',
'netherlands', 'new\s*zealand', 'nicaragua', 'niger', 'nigeria', 'norway', 'oman',
'pakistan', 'palau', 'panama', 'papua\s*new\s*guinea', 'paraguay', 'peru', 'philippines',
'poland', 'portugal', 'qatar', 'romania', 'russia', 'rwanda', 'saint\s*kitts', 'nevis',
'saint\s*lucia', 'saint\s*vincent', 'samoa', 'san\s*marino', 'sao\s*tome', 'principe',
'saudi\s*arabia', 'senegal', 'serbia', 'seychelles', 'sierra\s*leone', 'singap[uo]r[ea]',
'slovakia', 'slovenia', 'solomon\s*islands', 'somalia', 'south\s*africa', 'south\s*sudan',
'spain', 'sri\s*lanka', 'sudan', 'suriname', 'swaziland', 'sweden', 'switzerland',
'syria', 'taiwan', 'tajikistan', 'tanzania', 'th?ailand?', 'togo', 'tonga', 'trinidad',
'tobago', 'tunisia', 'turkey', 'turkmenistan', 'tuvalu', 'uganda', 'ukraine', 'arabia',
'united\s*kingdom', 'america', 'uruguay', 'uzbekistan', 'vanuatu', 'vatican', 'venezuela',
'england', 'scotland', 'wales', 'vietnam', 'yemen', 'zambia', 'zimbabwe',
'antarctica', 'arctic', 'atlantic', 'pacific', 'indian', 'ocean', 'amazon', 'nile',
'mississippi', 'missouri', 'colorado', 'ohio', 'tennessee', 'alabama', 'florida',
'georgia', 'carolina', 'dakota', 'virginia', 'maryland', 'delaware', 'pennsylvania',
'new\s*york', 'new\s*jersey', 'new\s*hampshire', 'new\s*mexico', 'new\s*england',
'los\s*angeles', 'san\s*francisco', 'washington', 'oregon', 'idaho', 'montana',
'wyoming', 'utah', 'nevada', 'arizona', 'texas', 'oklahoma', 'kansas', 'nebraska',
'iowa', 'missouri', 'illinois', 'indiana', 'michigan', 'ohio', 'kentucky',
'tennessee', 'alabama', 'georgia', 'florida', 'carolina', 'virginia', 'maryland',
'delaware', 'pennsylvania', 'new\s*york', 'new\s*jersey', 'new\s*hampshire',
'new\s*mexico', 'new\s*england', 'alaska', 'hawaii', 'canada', 'greenland',
'moscow', 'beijing', 'tokyo', 'delhi', 'mumbai', 'moskow', 'manila', 'seoul',
'bangkok', 'hanoi', 'phnom\s*penh', 'vientiane', 'kuala\s*lumpur', 'papua',
'iceland', 'ireland', 'scotland', 'wales', 'england', 'france', 'germany', 'jerman',
'jawa', 'bali','lombok', 'surabaya', 'semarang', 'bandung', 'jakarta', 'medan',
'palembang', 'aceh', 'padang', 'pekanbaru', 'jambi', 'bangka', 'belitung', 'lampung',
'banten', 'bogor', 'depok', 'tangerang', 'bekasi', 'cirebon', 'tasikmalaya', 'garut',
'sukabumi', 'cianjur', 'cikarang', 'karawang', 'purwakarta', 'subang', 'indramayu',
'majalengka', 'sumedang', 'ciamis', 'banjar', 'pangandaran', 'bandung', 'garut',
'malang', 'blitar', 'kediri', 'jember', 'banyuwangi', 'tulungagung', 'trenggalek',
'ponorogo', 'pacitan', 'madiun', 'ngawi', 'magetan', 'bojonegoro', 'tuban', 'lamongan',
'gresik', 'sidoarjo', 'mojokerto', 'jombang', 'surabaya', 'pasuruan', 'probolinggo',
'situbondo', 'bondowoso', 'banyuwangi', 'jember', 'lumajang', 'batu',
'bangkalan', 'sampang',
// mountains
'bromo', 'ijen', 'merapi', 'merbabu', 'lawu', 'semeru', 'rinjani', 'agung', 'batur',
'tambora', 'toba', 'kerinci', 'dempo', 'sumbing', 'sindoro', 'sumbing', 'slamet',
'guntur', 'salak', 'ciremai', 'galunggung', 'krakatau', 'semeru', 'bromo', 'ijen',
'merapi', 'merbabu', 'lawu', 'rinjani', 'agung', 'batur', 'tambora', 'toba', 'kerinci',
'dempo', 'sumbing', 'sindoro', 'sumbing', 'slamet', 'guntur', 'salak', 'ciremai',
'denali', 'foraker', 'hunter', 'mckinley', 'whitney', 'shasta', 'hood', 'adams',
'sanford', 'foraker', 'churchill', 'crillon', 'blackburn', 'fairweather', 'baker',
'waddington', 'robson', 'columbia', 'revelation', 'tupper', 'fairweather', 'churchill',
// ... etc
]
}
const weakLength = (password) => {
return password.length <= 6;
}
const veryStrongLength = (password) => {
return password.length >= 12;
}
const strongLength = (password) => {
return password.length >= 8;
}
let regexDictionary;
/**
* Scoring password
*
* @param {string} password
* @param {string|null} username
* @returns {number}
* @constructor
*/
function PasswordScore(password, username = null) {
if (typeof password !== "string" || password.length === 0 || password.trim() === "") {
return PASSWORD_FAILED;
}
if (weakLength(password)) {
return PASSWORD_WEAK;
}
// check if password contain number only and space
if (!/[^0-9\s*]/.test(password)) {
return PASSWORD_WEAK;
}
// check if password contain alphabet only and space
if (!/[^a-zA-Z\s*]/.test(password)) {
return PASSWORD_WEAK;
}
// check if contain started with password
if (/^password/i.test(password)) {
return PASSWORD_WEAK;
}
// check if contain username
if (typeof username === 'string' && username.trim().length > 4) {
username = username.trim().toLowerCase();
const lowerPassword = password.toLowerCase();
if (lowerPassword.includes(username)) {
return PASSWORD_WEAK;
}
}
// strong password should contain uppercase, lowercase, number, and special character
const isStrong = (/[A-Z]/.test(password)
&& /[a-z]/.test(password)
&& /[0-9]/.test(password)
&& /[^a-zA-Z0-9\s]/.test(password)
);
// create regex dictionary
if (!regexDictionary) {
let commonPasswordDictionary = [];
for (let key in dictionaries) {
const dict = dictionaries[key];
commonPasswordDictionary = commonPasswordDictionary.concat(dict);
// free memory
dictionaries[key] = [];
}
// make unique
commonPasswordDictionary = Array.from(new Set(commonPasswordDictionary));
regexDictionary = new RegExp(commonPasswordDictionary.join('|'), 'i');
}
// if contain dictionary word
if (regexDictionary.test(password)) {
// just ignorance about 20 characters or more
// about contain dictionary word
if (isStrong && password.length >= 20) {
return PASSWORD_STRONG;
}
// if is very strong it will be as medium, otherwise weak
return !isStrong || !veryStrongLength(password) ? PASSWORD_WEAK : PASSWORD_MEDIUM;
}
if (isStrong && veryStrongLength(password)) {
// check if contain repeated 4 or more characters
if (/(.)\1{3,}/.test(password)) {
return PASSWORD_STRONG;
}
return PASSWORD_VERY_STRONG;
}
// check if contain repeated 4 or more characters
if (isStrong && strongLength(password) && !/(.)\1{3,}/.test(password)) {
return PASSWORD_STRONG;
}
return PASSWORD_MEDIUM;
}
function GeneratePassword(length = 12) {
const uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const lowercase = 'abcdefghijklmnopqrstuvwxyz';
const number = '0123456789';
const special = '!@#$%^&*()_+-=[]{}|;:,.<>?';
const all = uppercase + lowercase + number + special;
const generate = (length) => {
let password = '';
for (let i = 0; i < length; i++) {
password += all[Math.floor(Math.random() * all.length)];
}
return password;
}
if (length < 6) {
return generate(length);
}
let password;
let maxCount = 100;
const strongRecord = [];
const mediumRecord = [];
do {
password = generate(length);
const score = PasswordScore(password);
if (score === PASSWORD_VERY_STRONG) {
return password;
}
if (score === PASSWORD_STRONG) {
strongRecord.push(password);
continue;
}
if (strongRecord.length === 0 && score === PASSWORD_MEDIUM) {
mediumRecord.push(password);
}
} while (maxCount-- > 0);
if (strongRecord.length > 0) {
return strongRecord[Math.floor(Math.random() * strongRecord.length)];
}
if (mediumRecord.length > 0) {
return mediumRecord[Math.floor(Math.random() * mediumRecord.length)];
}
// password is nopt strong enough we add the special character & alph numeric
password = generate(length - 4);
password += number[Math.floor(Math.random() * number.length)];
password += special[Math.floor(Math.random() * special.length)];
password += uppercase[Math.floor(Math.random() * uppercase.length)];
password += lowercase[Math.floor(Math.random() * lowercase.length)];
// shuffle password
password = password.split('').sort(() => Math.random() - 0.5).join('');
return password;
}
PasswordScore.PASSWORD_WEAK = PASSWORD_WEAK;
PasswordScore.PASSWORD_MEDIUM = PASSWORD_MEDIUM;
PasswordScore.PASSWORD_STRONG = PASSWORD_STRONG;
PasswordScore.PASSWORD_VERY_STRONG = PASSWORD_VERY_STRONG;
PasswordScore.PASSWORD_FAILED = PASSWORD_FAILED;
PasswordScore.generatePassword = GeneratePassword;
PasswordScore.isStrong = (password, username = null) => PasswordScore(password, username) >= PASSWORD_STRONG;
PasswordScore.isVeryStrong = (password, username = null) => PasswordScore(password, username) >= PASSWORD_VERY_STRONG;
PasswordScore.score = PasswordScore;
Object.freeze(PasswordScore);
// export default PasswordScore; // module
// window.PasswordScore = PasswordScore; // for umd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment