密码策略测试器
根据可配置的策略规则测试密码:长度、复杂性、禁用词。
策略规则
关于此工具
密码策略测试工具是一个根据可配置的安全规则来验证密码,确保其符合组织或应用程序特定要求的工具。与其猜测密码是否足够强大,不如用此工具根据多个标准进行检查——最小长度、复杂性规则(大写字母、小写字母、数字、符号)以及禁用词汇的黑名单。通过了解密码通过或未通过的规则,您可以加强弱密码并确保整个系统的安全标准一致。
使用测试工具很简单:输入您的密码并自定义您关心的策略规则。设置最小长度要求,打开或关闭复杂性规则,并添加密码中不应出现的禁用词汇或模式。该工具会即时显示您的密码符合哪些规则、哪些规则未通过,并提供直观的视觉反馈。这对于构建身份验证系统的开发人员、实施企业密码策略的IT管理员,以及需要在部署或用户注册前验证密码的任何人特别有用。
密码策略是网络安全的基石,不同的场景需要不同的规则——简单的PIN与企业密码不同,企业密码与加密密钥也不同。此工具帮助您探索安全强度和可用性之间的权衡,并理解为什么某些规则很重要。无论您是为团队设计密码策略、向用户讲解安全标准,还是仅仅对密码强度评估感到好奇,此工具都能帮助您理解安全身份验证背后的规则。
常见问题
代码实现
import re
from dataclasses import dataclass, field
from typing import Optional
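@dataclass
class PasswordPolicy:
    """Configurable rule set that a candidate password is checked against.

    The rules cover length, character classes, character variety and a list
    of forbidden regular expressions. Nothing here consults a list of
    known-compromised passwords or estimates guessability.

    NOTE(review): current NIST SP 800-63B guidance favours length and
    screening against known-compromised passwords over mandatory composition
    rules; treat these defaults as one input, not as a strength guarantee.
    """

    # Length bounds in characters; both ends are inclusive.
    min_length: int = 8
    max_length: int = 128

    # Character classes that must each appear at least once when enabled.
    require_uppercase: bool = True
    require_lowercase: bool = True
    require_digit: bool = True
    require_symbol: bool = True

    # Minimum number of distinct characters in the password.
    min_unique_chars: int = 5

    # Regular expressions that must not match anywhere in the password.
    # A factory is used so that every policy instance gets its own list.
    forbidden_patterns: list[str] = field(default_factory=lambda: [
        r"(..)\1{2,}",    # repeated two-char block 3+ times
        r"(.)\1{3,}",     # same char 4+ times in a row
        r"(?i)password",  # literal word "password", any case
        r"(?i)qwerty",    # keyboard walk "qwerty", any case
    ])

    # Characters that count as symbols. Written as a normal (non-raw) string
    # so that the embedded double quote can be escaped; left unescaped it
    # ends the literal early and the module fails to parse.
    symbol_chars: str = "!@#$%^&*()-_=+[]{}|;':\",./<>?"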
@dataclass
class PolicyResult:
    """Outcome of checking one password against a policy."""

    # True when no rule was violated.
    passed: bool
    # One human-readable message per broken rule; each instance gets its own list.
    violations: list[str] = field(default_factory=list)
    # Rule-compliance tally in the range 0-100.
    score: int = 0
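def check_password(password: str, policy: Optional[PasswordPolicy] = None) -> PolicyResult:
    """Evaluate *password* against *policy* and report every rule it breaks.

    The password itself is never copied into the result: violation messages
    carry only policy values (limits and pattern text).

    Args:
        password: Candidate password to evaluate.
        policy: Rules to apply; a default ``PasswordPolicy()`` is used when
            omitted.

    Returns:
        A ``PolicyResult`` whose ``passed`` is True only when no rule was
        violated, whose ``violations`` holds one message per broken rule,
        and whose ``score`` (0-100) tallies the satisfied rules. A
        character-class requirement that is switched off is scored as
        satisfied. Forbidden patterns and the maximum length add violations
        but do not change the score.

    Raises:
        re.error: If an entry in ``policy.forbidden_patterns`` is not a valid
            regular expression.
    """
    if policy is None:
        policy = PasswordPolicy()

    violations: list[str] = []
    score = 0
    length = len(password)

    # Length checks: only the lower bound earns points.
    if length < policy.min_length:
        violations.append(f"Too short: minimum {policy.min_length} characters")
    else:
        score += 25
    if length > policy.max_length:
        violations.append(f"Too long: maximum {policy.max_length} characters")

    # Character class checks. [A-Z] and [a-z] are ASCII-only ranges, so
    # letters from other scripts do not satisfy them.
    if policy.require_uppercase and not re.search(r"[A-Z]", password):
        violations.append("Must contain at least one uppercase letter")
    else:
        score += 15

    if policy.require_lowercase and not re.search(r"[a-z]", password):
        violations.append("Must contain at least one lowercase letter")
    else:
        score += 15

    if policy.require_digit and not re.search(r"\d", password):
        violations.append("Must contain at least one digit")
    else:
        score += 15

    # Plain membership test instead of a character-class regex built from
    # symbol_chars: an empty symbol set would produce the invalid pattern
    # "[]" and raise re.error. Here it simply means no character qualifies.
    if policy.require_symbol and not any(
        ch in policy.symbol_chars for ch in password
    ):
        violations.append("Must contain at least one symbol")
    else:
        score += 15

    # Unique characters
    if len(set(password)) < policy.min_unique_chars:
        violations.append(f"Must use at least {policy.min_unique_chars} different characters")
    else:
        score += 15

    # Forbidden patterns. These are run as regular expressions against the
    # candidate even when it exceeds max_length, so they must come from
    # trusted configuration: a pattern with heavy backtracking can make
    # this loop very slow on long input.
    for pattern in policy.forbidden_patterns:
        if re.search(pattern, password):
            violations.append(f"Contains forbidden pattern: {pattern}")

    return PolicyResult(
        passed=not violations,
        violations=violations,
        score=min(score, 100),
    )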
# Demo: run a few hard-coded sample strings through a stricter policy.
if __name__ == "__main__":
    strict_policy = PasswordPolicy(min_length=12)
    samples = ("abc", "Password1!", "C0rrectH0rseBatteryStaple!")

    for candidate in samples:
        outcome = check_password(candidate, strict_policy)
        # The candidate is echoed only because these are demo literals.
        print(f"{candidate!r}: passed={outcome.passed}, score={outcome.score}")
        for message in outcome.violations:
            print(f" - {message}")