Slightly evil password strength checker
Merge pull request #9 from cclauss/patch-1
b5d43cd0 — cclauss 6 years ago
Resolve conflicts
Merge pull request #10 from yozel/master


browse  log 



You can also use your local clone with git send-email.

#Slightly evil password strength checker

Checks how strong your user's password is via questionably ethical means.


Please don't actually use this.

>>> from evilpass import check_pass
>>> errors = check_pass("password", "email address", "username")
>>> errors
["Your password must be at least 8 characters long"]

#Password reuse is bad, okay?

So quit doing it. Use a password manager. I personally recommend pass.

#Side note

If you're actually checking user's password strength on sign up, I strongly suggest using an entropy-based strength estimation like zxcvbn instead of contrived composition rules like this, which are explicitly discouraged by NIST's current password guidelines. I also suggest not trying to log into your user's account on other sites.

#Future development

  • Automate use of proxies to avoid rate limiting and other things external services might do when they detect you're doing this
  • Add other external services to check
  • Store valid credentials in a database for evil purposes