Slightly evil password strength checker
Checks how strong your user's password is via questionably ethical means.
Please don't actually use this.
>>> from evilpass import check_pass >>> errors = check_pass("password", "email address", "username") >>> errors ["Your password must be at least 8 characters long"]
Password reuse is bad, okay?
So quit doing it. Use a password manager. I personally recommend pass.
If you're actually checking user's password strength on sign up, I strongly suggest using an entropy-based strength estimation like zxcvbn instead of contrived composition rules like this, which are explicitly discouraged by NIST's current password guidelines. I also suggest not trying to log into your user's account on other sites.
- Automate use of proxies to avoid rate limiting and other things external services might do when they detect you're doing this
- Add other external services to check
Store valid credentials in a database for evil purposes