// Main function function showPWStrength() { // load username and password into local variables var sUsername = document.MainForm.username.value; var sPassword = document.MainForm.password.value; // do we have a password? if (sPassword.length==0) { // hide the rating box PasswordRating.style.display='none'; return; } else { // show the rating box PasswordRating.style.display='block'; // check password length if (passwordLengthCheck(sPassword)=='short') { displayPasswordWeak(); return; } else { //Do we have a user name? if (sUsername.length>0) { // check that the username is not related to the password if (passwordSubsetUsername(sUsername.toLowerCase(),sPassword.toLowerCase())) { displayPasswordWeak(); return false; } } // okay, so we don't have a WEAK password, but check it's either intermediate or strong. var specialCharacterCounter = 0; //alert(specialCharacterCounter); // Does it contain lower case characters? if (passwordHasLowerCaseLetters(document.MainForm.password.value)) { specialCharacterCounter++; } // Does it contain upper case characters? if (passwordHasUpperCaseLetters(document.MainForm.password.value)) { specialCharacterCounter++; } // does it contain numerics if (passwordHasNumerics(document.MainForm.password.value)) { specialCharacterCounter++; } // does it contain "special characters" if (passwordHasSpecialCharacters(document.MainForm.password.value)) { specialCharacterCounter++; } // What are we to display? if (specialCharacterCounter >= 3) { displayPasswordStrong(); } else { displayPasswordIntermediate(); } } } } // Display functions function displayPasswordStrong() { // Set colour green PasswordSecurityStrength.innerText="Password is strong"; PasswordSecurityStrength.bgColor="#ccffcc"; } function displayPasswordIntermediate() { PasswordSecurityStrength.innerHTML="[?] Password is intermediate strength"; PasswordSecurityStrength.bgColor="#ffffcc"; } function displayPasswordWeak() { PasswordSecurityStrength.innerHTML="[?] Password is weak"; PasswordSecurityStrength.bgColor="#ff3333"; } function openWindow() { var url = 'passwordStrengthSuggestion.htm'; var refWin; refWin = window.open(url,'PasswordStrengthExplanation'); } // Check functions function passwordLengthCheck(password) { if (password.length<8) { return 'short'; } else { return 'long'; } } function passwordSubsetUsername(sUsername, sPassword) { // Only want to check this if the username is not exactly equal to the password if (sUsername != sPassword) { // Username and password are different, if more than 3 characters different then it's okay if (Math.abs(sUsername.length - sPassword.length) > 3) { // these differ by at more than three characters, so okay return false } else { // Is the password a substring of the username if (sUsername.indexOf(sPassword) != -1) { // The password is a subset of the username return true; } // Is the username a subset of the password else if (sPassword.indexOf(sUsername) != -1) { // The username is a subset of the password return true; } else { return false; } } } else { // Password is username return true; } } function passwordHasLowerCaseLetters(sPassword) { var RegularExpression = /[a-z]/ if (sPassword.search(RegularExpression)==-1) { return false; } else { return true; } } function passwordHasUpperCaseLetters(sPassword) { var RegularExpression = /[A-Z]/ if (sPassword.search(RegularExpression)==-1) { return false; } else { return true; } } function passwordHasNumerics(sPassword) { var RegularExpression = /[0-9]/ if (sPassword.search(RegularExpression)==-1) { return false; } else { return true; } } function passwordHasSpecialCharacters(sPassword) { // Array of special characters var specialCharacters = new Array('Ł','€','/','?',',','.','<','>',';','\`','"','~','!','@','#','$','%','^','&','*','(',')','_','+','-','=','{','}','|','[',']','\\',':'); // ); var bFound=false; // Iterate through the array of special characters for(var i=0; i