Skip to main content

Visual feedback on password strength

Posted by kirillcool on December 16, 2005 at 3:03 AM PST

The GMail provides a nice visual feedback while you are typing a new password. On each keystroke, the currently typed string is sent to the Google servers (hopefully encrypted) and the computed strength is shown to the user (weak - red, medium - yellow, strong - green). This can serve as either suggestion only (as is in Google's case) or as semi-client side validation (providing feedback to the user before he clicks OK).

The new version of Substance LAF (currently starting its development) provides an option for specifying such feedback. First - three screenshots illustrating the technique:

Weak password - red strip on the password field and custom tooltip text:

Medium password - yellow strip on the password field and custom tooltip text:

Strong password - green strip on the password field and custom tooltip text:

You can also view view this short video clip (412KB, 0:22 min) that illustrates the interaction.

The implementation is quite simple. The PasswordStrengthChecker interface in org.jvnet.substance.utils package defines the following two functions:

public enum PasswordStrength {

public PasswordStrength getStrength(char[] password);

public String getDescription(PasswordStrength strength);

You need to implement this interface (the implementation for the above screenshots looks at the length of the password and returns the corresponding value):

   private static class MyPasswordStrengthChecker implements
         PasswordStrengthChecker {
      public PasswordStrength getStrength(char[] password) {
         if (password == null)
            return PasswordStrength.WEAK;
         int length = password.length;
         if (length < 3)
            return PasswordStrength.WEAK;
         if (length < 6)
            return PasswordStrength.MEDIUM;
         return PasswordStrength.STRONG;

      public String getDescription(PasswordStrength strength) {
         switch (strength) {
         case WEAK:
            return "<html>This password is <b>way</b> too weak</html>";
         case MEDIUM:
            return "<html>Come on, you can do<br> a little better than that</html>";
         case STRONG:
            return "OK";
         return null;

Note that you can return HTML text for the tooltip (as for any Swing tooltip). The last thing you need to do - decide which password fields need this functionality and set the following client property on them:

JPasswordField jpf = new JPasswordField("password", 10);
   new MyPasswordStrengthChecker());

The value of the above property must be an instance of PasswordStrengthChecker (will be ignored otherwise).

One last thing - starting from version 2.2 of Substance (code-named El Paso) the additional UI elements (system menu items, heap status panel, menu search panel) are internationalized. You are welcome to view the list of available translations and send me additional translations to kirillcool [at]

Related Topics >>