Password Testing in Python

Question

I have the following code to test a password for strength:

import string
def golf(password):
    if len(password) >= 10:
        if any(char.isdigit() for char in password):
            if any(string.punctuation for char in password):
                if any(char.isalpha() for char in password):
                    if any(char.isupper() for char in password):
                        if any(char.islower() for char in password):
                            return True
    return False

I know it can be done better! It needs to test for the following ...

The password will be considered strong enough if it has at least 10 characters contains at least one digit contains at least one uppercase letter contains at least one lowercase letter. The password may only contain ASCII Latin letters or digits, but no punctuation symbols.

EDIT

OK for anyone else i got it down to the following with regex.

import re
def golf(password):
    return re.match( r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.{10,30}).+$', password)

Apparently it can still be shorter...

`if any(string.punctuation for char in password):` looks wrong — John Coleman, Jul 19 '17 at 00:34
I understand this might just be an exercise, but it you really are using this with people's security, please consider using a library like **zxcvbn**. It's what they use at DropBox. There's even a Python port https://github.com/dwolfhub/zxcvbn-python. It's designed specifically to foil pw crackers, which is difficult. — Mark, Jul 19 '17 at 00:42
If you want to go the regex route that @DavidHoelzer mentions: https://stackoverflow.com/q/1559751/4996248 — John Coleman, Jul 19 '17 at 00:45
Anyone have an example of the regex i would use? This seems likely to be the answer. — allen simpson, Jul 19 '17 at 01:03

Prune · Accepted Answer · 2017-07-19T00:39:42.623

3

Actually, you're quite close. Yes, you have a variety of conditions to check; the rules are that complication. Note that you don't have to check for alpha: the checks for islower and isupper cover that. You can make this just a little easier to handle by putting the rules into a single expression:

import string
def golf(password):
    return \
        len(password) >= 10                              and \
        any(char.isdigit() for char in password)         and \
        not any(string.punctuation for char in password) and \
        any(char.isupper() for char in password)         and \
        any(char.islower() for char in password)

Note that you're evaluating a Boolean expression: just return that value. There's no need to say

if <expr>:
    return True
else:
    return False

You already have the value in hand; just return it.

edited Jul 19 '17 at 00:39

answered Jul 19 '17 at 00:35

Prune

76,765
14
60
81

1

I think it should be `all(char not in string.punctuation` – OneCricketeer Jul 19 '17 at 00:37
This answer was useful , thanks! I still think it can be done shorter though.. maybe regex? – allen simpson Jul 19 '17 at 00:54
Yes -- as you found, you can make it shorter with regex. "Better" is a value judgment. I wrote only to improve your existing approach, keeping the simplicity and readability. – Prune Jul 19 '17 at 15:18

score 0 · Answer 2 · answered Jul 19 '17 at 00:34

0

That's one long string of if statements XD. You should just use some and statements.

if len(password) >= 10 and any(char.isdigit() for char in password)...:
    return True
else:
    return False

The else statement is not necessary, as you know, but it makes the code more readable.

answered Jul 19 '17 at 00:34

Matthew

472
2
5
12

Thanks for that , Yes it is shortened if you use and statements but harder to read also , i believe it can be readable and shorter. – allen simpson Jul 19 '17 at 00:55

score 0 · Answer 3 · answered Jul 19 '17 at 01:08

The more optimal way would be to do your character checking all in one loop.

import string
def golf(password):
    if len(password) < 10:
      return False

    saw_digit = saw_upper = saw_lower = False
    no_punct = all_alnum = True

    for char in password:
      saw_digit = saw_digit or char.isdigit()
      saw_upper = saw_upper or char.isupper()
      saw_lower = saw_lower or char.islower()
      no_punct = no_punct and (char not in string.punctuation)
      all_alnum = all_alnum and char.isalnum()

    values = [saw_digit, saw_lower, saw_upper, no_punct, all_alnum]
    # print(values)
    return all(values)

Password Testing in Python

3 Answers3