Password Strength Testing Program

By Nattakorn Masaya-anon (Khing) 1201

This java program contains a set of codes which determine the strength of the input
password. The two criteria are the password length and types of character used. In general, the
acceptable length of password is no fewer than eight characters (Angelo State University, n.d.),
while the characters should include symbols, uppercase letters, lowercase letters, and numbers
(Hoffman, 2018). Thus, the program is designed to evaluate these two properties and to give a
corresponding grade. It consists of four main parts: receiving input, evaluating length, evaluating
types of characters, and assessing overall score.
1. Receiving input
The string input is obtained by the use of Scanner class; the object scan collects a string
typed on the next line and assign it to the variable password. Then a new array of chars called
check is created by converting the whole password to char array—using a String method
.toCharArray, so that each character can be evaluated in the next step. Here, the length of the
password is set to an integer variable length by using the String method .length.

Example:

Input password =
Sbq250.4e

2. Evaluating length
A new integer variable lengthScore is created here to store the score after evaluation. By
using if statement, the password’s length is tested whether to be <8 characters, 8-12 characters, or
>12 characters, then the code outputs a corresponding comment which are ‘too short’, ‘good on
average’, and ‘great length’ respectively; this judgement is based on the recommended length in
multiple referenced sites. The lengthScore is then 1, 2, and 3, for they are the smallest countable
numbers.

Sbq250.4e = 9 characters’ long, so

the length falls in ‘good on average.’
 3. Evaluating types of characters
As there are four types of characters, four Boolean variables are created to store the state
of having each type of character or not. Then, the code loops through each char in the check array
with the use of Character methods which are .isLetter, .isDigit, isUpperCase, and .isLetterOrDigit.
If the char is neither a letter or a number, then it is a symbol and the Boolean symbol is true;
otherwise, the code will continue checking if the char is a letter or a number. For letter, it will
further check if it is an uppercase letter or not. Afterward, the four Boolean will either be assigned
to true or false, depending on the presence of the corresponding types of characters. When a value
is true, the integer variable typeScore will be incremented, and the final typeScore is added up. The
maximum score is 4, then coming down to 3, 2, and 1, respectively. The reason for using these
numbers as the score is that they are the smallest countable numbers, and therefore are easy to
manipulated.

S  uppercase

b, q, e  letter

2, 5, 0, 4  number

.  symbol

Sbq250.4e

= has all four types of characters, so all Booleans

are true, and the score typeScore is 4.z
 4. Assessing the overall score
Ultimately, the calculated lengthScore and typeScore will be used to determine the final
letter grade of the password, ranging from A+ to FF! Each specific combination results in a
different grade. As different combination of scores can summed up to the same number despite
having significantly distinct length or types of characters—some combinations receive high score
because one score is good but the other does not pass the standard, the letter grade is evaluated
based on the concatenation of the two number scores instead of the sum of both scores. Here, the
grading table is constructed.

type 4 types 3 types 2 types 1 type

(symbol, number,
length uppercase, letter)
4pt 3pt 2pt 1pt
Great length A+ B+ C+ D
(>12)
3pt
Good on A B C F
avg. (8-12)
2pt
Too short C D F FF
(<8)
1pt
// yellow = standard (recommended by referenced sources)
// red = below standard
// green = above standard

The concatenation begins with lengthScore then typeScore; the number is turned into a
string and assigned to the string variable result. Lastly, the switch statement compares result with
each possible case; it is faster to use the switch statement than to use the if statement because it
checks only the matching case and exits the checking right away with break keyword. When it
finds a match, the corresponding letter grade is announced, and the program ends.
 The lengthScore = 2

The typeScore = 4

Result = 24

So the corresponding grade is A.

Appendix: draft
References
Allen, S. (n.d.). Java Character: isLetter, isDigit and toLowerCase. Retrieved from Dot Net
Perls: https://www.dotnetperls.com/character-java
Hoffman, C. (2018, May 19). How to Create a Strong Password (and Remember It). Retrieved
from How-To Geek: https://www.howtogeek.com/195430/how-to-create-a-strong-
password-and-remember-it/
University, A. S. (n.d.). Password Guidelines. Retrieved from Information Technology:
https://www.angelo.edu/services/technology/it_policies/password_quality.php