Check password complexity

[guinness]

OK, thanks for explaining.

[jazzyjeff]

Hey Guiness,

So I tried the script with the new function you created and that achieves what I need and like I said before, it looks way nicer than my code! :-)

Here is what I came up with quickly. I'll have to tweak it a little to get it to achieve what I exactly want, but this is really good.

expandcollapse popup

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Res_requestedExecutionLevel=asInvoker
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <Array.au3>
#include <AD.au3>
#include <Crypt.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <Misc.au3>
#include <_PasswordValid.au3>

$lower = 0
$upper = 0
$digit = 0
$special = 0
$pwChange = 0
Global $newPassword, $val
$rUser = @UserName
HotKeySet("{LWIN}","_Windows")
HotKeySet("{RWIN}","_Windows")
#Region ### START Koda GUI section ### Form=
$formBKG = GUICreate("",@DesktopWidth, @DesktopHeight, 0, 0,$WS_POPUP)
GUISetBkColor(0x000000)
GUISetState(@SW_SHOW)
$formMain = GUICreate("Password Utility", 664, 200, -1,-1)
$lblPassword = GUICtrlCreateLabel("Your Password has expired. Please enter a new password for your account.", 8, 8, 288, 37)
$txtPassword = GUICtrlCreateInput("", 8, 45, 281, 21, BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD))
$txtPasswordConfirm = GUICtrlCreateInput("", 8, 75, 281, 21, BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD))
$btnPassword = GUICtrlCreateButton("Set Password", 216, 115, 75, 25)
$lblSuggestions = GUICtrlCreateLabel("", 8, 150, 300, 50)
$lblFname = GUICtrlCreateLabel("First Name: ", 420, 8, 237, 17)
$lblLName = GUICtrlCreateLabel("Last Name: ", 420, 37, 237, 17)
$lblUName = GUICtrlCreateLabel("Username: ", 420, 66, 237, 17)
$lblID = GUICtrlCreateLabel("Student ID: ", 420, 95, 237, 17)
$lblPasswordExp = GUICtrlCreateLabel("Password Expiration:", 420, 128, 237, 17)
GUISetState(@SW_SHOW)
;_ArrayDisplay($winPos)
WinSetOnTop("Password Utility","",1)
#EndRegion ### END Koda GUI section ###
_AD_Open()
$objProperties = _AD_GetObjectProperties($rUser)
$objCN = _AD_GetObjectProperties($rUser,"cn")
$objGivenName = _AD_GetObjectProperties($rUser,"givenName")
$objEmployeeID = _AD_GetObjectProperties($rUser,"employeeID")
$objSN = _AD_GetObjectProperties($rUser,"sn")
$objPWExpiration = _AD_GetObjectProperties($rUser,"msDS-UserPasswordExpiryTimeComputed")
$objFQDN = _AD_GetObjectProperties($rUser,"distinguishedName")
If IsArray($objCN) Then
    If $objCN[0][0] <> 0 Then
        $userName = $objCN[1][1]
    Else
        $userNameName = "Unavailable"
    EndIf
EndIf
If IsArray($objSN) Then
    If $objSN[0][0] <> 0 Then
        $lastName = $objSN[1][1]
    Else
        $lastName = "Unavailable"
    EndIf
EndIf
If IsArray($objGivenName) Then
    If $objGivenName[0][0] <> 0 Then
        $firstName = $objGivenName[1][1]
    Else
        $firstName = "Unavailable"
    EndIf
EndIf
If IsArray($objEmployeeID) Then
    If $objEmployeeID[0][0] <> 0 Then
        $employeeID = $objEmployeeID[1][1]
    Else
        $employeeID = "Unavailable"
    EndIf
EndIf
If IsArray($objPWExpiration) Then
    If $objPWExpiration[0][0] <> 0 Then
        $pwExpiration = $objPWExpiration[1][1]
    Else
        $pwExpiration = "Unavailable"
    EndIf
EndIf

;_ArrayDisplay($objProperties)
_AD_Close()
GUICtrlSetData($lblFname,"First Name: " & $firstName)
GUICtrlSetData($lblLName,"Last Name: " & $lastName)
GUICtrlSetData($lblUName,"Username: " & $userName)
GUICtrlSetData($lblID,"Student ID: " & $employeeID)
GUICtrlSetData($lblPasswordExp,"Password Expiration: " & $pwExpiration)
$Pic1 = GUICtrlCreatePic("C:\" & $employeeID & ".jpg", 312, 8, 100, 108)

While 1
    $winPos = WinGetPos("Password Utility")
    _MouseTrap($winPos[0],$winPos[1],$winPos[2],$winPos[3])
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $btnPassword
            Local $hPassword = _PasswordValid_Create()
            _PasswordValid_Ints($hPassword, 1)
            _PasswordValid_Length($hPassword, 8)
            _PasswordValid_LowerCase($hPassword, 1)
            _PasswordValid_UpperCase($hPassword, 1)
            ;_PasswordValid_Special($hPassword, 1)
            $passwordCheck = _PasswordValid_Validate($hPassword, GUICtrlRead($txtPassword))
            Local $iErrorFlag = @extended
            If $passwordCheck = False Then
                PasswordError($iErrorFlag)
            ElseIf $passwordCheck = True Then
                $passwordCheck1 = IsUsernameInPassword($rUser, GUICtrlRead($txtPassword), 3)
            EndIf
            If $passwordCheck1 = False Then
                GUICtrlSetData($lblSuggestions,"Password Set")
            ElseIf $passwordCheck1 = True Then
                GUICtrlSetData($lblSuggestions,"The password contains the username")
            EndIf
    EndSwitch
WEnd
Func _Windows()
    Sleep(50)
EndFunc
Func PasswordError($iFlag = @extended)
    If $iFlag = 0 Then
        Msgbox(0,"",'The password was valid.' & @CRLF)
    EndIf
    If BitAND($iFlag, $PASSWORDVALID_FLAG_CONSECUTIVE) Then
        Msgbox(0,"",'The password contained repeating characters e.g. S in Password.' & @CRLF)
    EndIf
    If BitAND($iFlag, $PASSWORDVALID_FLAG_INTS) Then
        Msgbox(0,"",'The password didn''t contain the minimum number of digits.' & @CRLF)
    EndIf
    If BitAND($iFlag, $PASSWORDVALID_FLAG_LENGTH) Then
        Msgbox(0,"",'The password didn''t match the miminum length.' & @CRLF)
    EndIf
    If BitAND($iFlag, $PASSWORDVALID_FLAG_LOWERCASE) Then
        Msgbox(0,"",'The password didn''t contain the minimum number of lowercase characters.' & @CRLF)
    EndIf
    If BitAND($iFlag, $PASSWORDVALID_FLAG_SPACE) Then
        Msgbox(0,"",'The password contained space(s).' & @CRLF)
    EndIf
    If BitAND($iFlag, $PASSWORDVALID_FLAG_SPECIAL) Then
        Msgbox(0,"",'The password didn''t contain the minimum number of special characters.' & @CRLF)
    EndIf
    If BitAND($iFlag, $PASSWORDVALID_FLAG_UPPERCASE) Then
        Msgbox(0,"",'The password didn''t contain the minimum number of uppercase characters.' & @CRLF)
    EndIf
    Return True
EndFunc   ;==>PasswordError

[guinness]

Let me know if you want something added.

[jazzyjeff]

Kylomas and Edano. Thanks for your code examples. I will test these out too and let you know how it works. I was on a bit of a time crunch yesterday and had to get out what worked, although I know my code is not the best. I'll have some time now to play around with it and make the code look better and work better.

[jazzyjeff]

Guiness, you're being too kind! :-) 

Ok, well it would be cool if it could suggest a working password based on the password that the user entered. For example in my original code, I had it check for missing requirements from the users password and then the script would present an example of what would work.

e.g.

User enters password:

hello123

This fails because it is missing an uppercase character, so it suggests:

Hello123

Or,

User enters password:

TechNology

This fails because it is missing a number, so it suggests:

TechNology1

So in my first revision of this, I had it randomly generate a number if it were missing a number, or replace the first character with an upper case if it were missing an upper case character.

I get you're trying to make this UDF appeal to the masses too, so password suggestions may be an option that you could turn off or on.

Also, if it could tell what characters from the username are consecutive within the password.

Sorry, I know that's probably a lot, but I think that would improve it. At least from my standpoint.

[guinness]

I can certainly think about it. The idea I would probably take from what you've suggested is displaying the consecutive characters found (even though I haven't add that part of the code yet.)

I understand your first suggestion, but I'm just not keen on manipulating the password. I would rather a user changes the password manually, as I can see a user will just skip the suggestion message and then you'll get into a situation of "well it didn't warn me."

[guinness]

In the end I've decided not pursue this addition anymore, sorry about that.

[czardas]

In reality the password 'Hello' is no stronger than the password 'hello'. If both upper and lower case letters are allowed, then any letter has the same chance of occuring. In reality capitals are used less frequently. Some letters occur more often than others within specific languages. There appears to be no clear cut general solution for password strength.

>loch ness monster case is probably pretty good for passwords.

Edited August 15, 2013 by czardas

[Gianni]

not exactly "on topic" but useful for a final check of the overall entropy of the password