#SIF Cyber Security Foundational Week 6 - Password Checker

#Password Checker

Both ISO 27000 and NIST provide guidelines for password standards and operating procedures to enhance the security of information systems. However, there are some differences between the two standards:

Password Complexity: ISO 27000 requires passwords to be complex, containing a combination of upper and lowercase letters, numbers, and special characters. NIST, on the other hand, recommends the use of long and easy-to-remember passphrases, rather than complex passwords.

Password Length: ISO 27000 requires a minimum password length of 8 characters, while NIST recommends a minimum length of 15 characters.

Password Aging: ISO 27000 recommends password aging policies, which require users to change their passwords periodically. NIST, however, recommends against password aging policies, instead encouraging the use of multi-factor authentication and other security measures.
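
The contrast described above, as an added example that is not part of the original notebook: one password is checked against a composition-style policy and a length-style policy, using the thresholds this page attributes to ISO 27000 and NIST. The function names and sample passwords are constructed for illustration.

```python
import re

# Thresholds as stated on this page (assumed here, not quoted from the standards).
ISO_MIN_LENGTH = 8
NIST_MIN_LENGTH = 15

# The four character classes the page lists for a "complex" password.
# Note that the "special" pattern also matches a space.
CHAR_CLASSES = {
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "digit": r"[0-9]",
    "special": r"[^a-zA-Z0-9]",
}


def missing_classes(password):
    """Return the names of the character classes absent from the password."""
    return [name for name, pattern in CHAR_CLASSES.items()
            if not re.search(pattern, password)]


def check_iso_style(password):
    """Composition policy: minimum length plus all four character classes."""
    failures = []
    if len(password) < ISO_MIN_LENGTH:
        failures.append(f"shorter than {ISO_MIN_LENGTH} characters")
    failures += [f"no {name} character" for name in missing_classes(password)]
    return failures


def check_nist_style(password):
    """Length policy: a long passphrase, with no composition requirement."""
    failures = []
    if len(password) < NIST_MIN_LENGTH:
        failures.append(f"shorter than {NIST_MIN_LENGTH} characters")
    return failures


def compare_policies(password):
    """Check one password under both policies; an empty list means it passes."""
    return {"iso_style": check_iso_style(password),
            "nist_style": check_nist_style(password)}


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["Tr0ub4dor&3", "correct horse battery staple", "Summer2024!"]:
        print(repr(sample), compare_policies(sample))
```

A short, mixed-class password passes the composition check but fails the length check, while a long lowercase passphrase does the opposite.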

#Code for Password Checking


In [None]:
import re

def password_strength(password):
    # Calculate the password length score
    length_score = min(2 * len(password), 20)

    # Calculate the password complexity score
    complexity_score = 0
    if re.search("[a-z]", password):
        complexity_score += 1
    if re.search("[A-Z]", password):
        complexity_score += 1
    if re.search("[0-9]", password):
        complexity_score += 1
    if re.search("[^a-zA-Z0-9]", password):
        complexity_score += 1
    # Clamp the class count to the range 2-4, then scale it to 20-40 points
    complexity_score = min(max(complexity_score, 2), 4) * 10

    # Calculate the password entropy score (a length-based proxy:
    # one point per four characters, capped at 10)
    entropy_score = min(10, int(len(password) / 4))

    # Calculate the password overall strength score
    strength_score = length_score + complexity_score + entropy_score

    # Calculate the password strength percentage (maximum raw score is 20 + 40 + 10 = 70)
    strength_percentage = int((strength_score / 70) * 100)

    # Return the password strength percentage and recommendations
    recommendations = []
    if length_score < 10:
        recommendations.append("Use a longer password.")
    if complexity_score < 30:
        recommendations.append("Use a more complex password with a mix of lowercase letters, uppercase letters, digits, and special characters.")
    if entropy_score < 3:
        recommendations.append("Use a more random password.")
    return strength_percentage, recommendations

# Ask the user for a password input
password = input("Enter your password: ")

# Call the password_strength function to get the password strength percentage and recommendations
strength_percentage, recommendations = password_strength(password)

# Print the password strength percentage and recommendations
print("Password strength:", strength_percentage, "%")
if recommendations:
    print("Recommendations:")
    for recommendation in recommendations:
        print("-", recommendation)

#Pause and Think 🤔 

Based on the code above, what are some of the guidelines for password requirements? List them in the box below.

In [None]:
#Type your response here. Running the code cell is not needed.







#Password Standards and Operating Procedures

Citizens can take away the following action steps to improve their password security:

1.   Use complex passwords or passphrases that are easy to remember but difficult to guess.

2.   Use different passwords for different accounts.

3.   Avoid using personal information, such as names or birthdates, in passwords.

4.   Consider using a password manager to generate and store unique, complex passwords.

5.   Regularly update passwords and avoid reusing old passwords.

6.   Enable multi-factor authentication where possible to add an extra layer of security to accounts.



