Building a Password Checker: Strength + Breach Detection in Python
I recently built my second cybersecurity tool — a password checker that does two things: analyzes password strength AND checks if it's been leaked in a data breach. Here's how I built it.
The Inspiration
After building my first tool (a multi-threaded port scanner), I wanted to tackle something directly related to everyday security. Passwords are everywhere, and most people don't know if their passwords are strong or if they've been exposed in a breach.
I wanted to build a tool that would answer two questions:
- Is this password strong?
- Has this password been leaked?
What It Does
🔐 1. Strength Analysis
The tool checks five criteria and gives a score from 0-6:
| Criteria | Points |
|---|---|
| Length (12+ characters) | +2 |
| Length (8-11 characters) | +1 |
| Uppercase letters | +1 |
| Lowercase letters | +1 |
| Numbers | +1 |
| Symbols (!@#$%^&*) | +1 |
Score Interpretation:
| Score | Rating |
|---|---|
| 5-6 | 🟢 GREAT |
| 4 | 🟢 GOOD |
| 3 | 🟡 DECENT |
| 0-2 | 🔴 WEAK |
🛡️ 2. Breach Detection
The tool checks the HaveIBeenPwned API to see if your password appears in any known data breaches.
How it stays secure:
- Your password is never sent over the internet
- Only the first 5 characters of the SHA-1 hash are sent
- This is called k-anonymity — the API never sees your full password
Conclusion
Building this password checker taught me a lot about:
Working with APIs
Cryptographic hashing
Privacy-first design
Creating useful, user-friendly tools
If you're learning cybersecurity or Python, I highly recommend building tools like this. You learn far more than you would from following tutorials alone.
This is my second cybersecurity project. If I can build it, so can you. 🚀
Top comments (0)