{"id":8401,"library":"password-strength","title":"Password Strength","description":"The `password-strength` library (PyPI slug: `password-strength`, current version `0.0.3.post2`) provides tools for password strength assessment and validation. It allows defining a `PasswordPolicy` with various rules (e.g., minimum length, character types, entropy) to test if a password meets specified security requirements. The library also offers `PasswordStats` to get a normalized strength score and detailed analysis of a password. While the PyPI package itself was last updated in 2019, its GitHub repository shows more recent activity, suggesting ongoing relevance.","status":"active","version":"0.0.3.post2","language":"en","source_language":"en","source_url":"https://github.com/kolypto/py-password-strength","tags":["security","password","validation","strength","entropy"],"install":[{"cmd":"pip install password-strength","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"PasswordPolicy","correct":"from password_strength import PasswordPolicy"},{"symbol":"PasswordStats","correct":"from password_strength import PasswordStats"}],"quickstart":{"code":"from password_strength import PasswordPolicy, PasswordStats\n\n# Define a password policy\npolicy = PasswordPolicy.from_names(\n    length=8,\n    uppercase=1,\n    numbers=1,\n    special=1,\n    nonletters=1\n)\n\n# Test a password against the policy\npassword = \"StrongP@ssw0rd!\"\nerrors = policy.test(password)\n\nif not errors:\n    print(f\"Password '{password}' meets the policy requirements.\")\nelse:\n    print(f\"Password '{password}' failed the following checks: {', '.join(errors)}\")\n\n# Get detailed strength statistics\nstats = PasswordStats(password)\nprint(f\"\\nPassword entropy (bits): {stats.entropy_bits:.2f}\")\nprint(f\"Password complexity (0.00-0.99): {stats.complexity:.2f}\")\nprint(f\"Password strength (0.00-1.00): {stats.strength:.2f}\")","lang":"python","description":"This quickstart demonstrates how to define a password policy using `PasswordPolicy.from_names` and test a password against it. It also shows how to get detailed strength statistics, including entropy, complexity, and a normalized strength score using `PasswordStats`."},"warnings":[{"fix":"Prefer using `policy.test()` to get a list of failed rules or `PasswordStats().complexity` / `PasswordStats().strength` for a more user-friendly score, especially when providing feedback to end-users.","message":"The default entropy calculation might be less intuitive for users than a complexity score or explicit policy checks. While `entropy_bits` is a fundamental measure, `complexity` (0.00-0.99) or `strength` (0.00-1.00) are often more digestible for direct user feedback.","severity":"gotcha","affected_versions":"<=0.0.3.post2"},{"fix":"For enhanced security, consider adding custom checks for known weak patterns, dictionary words, or sequential characters, potentially by extending the `PasswordPolicy` or implementing separate validation functions. The library offers the flexibility to define custom validation rules or combine with other techniques.","message":"A password might pass basic length and character type rules but still contain easily guessable repetitions (e.g., 'aaaaaa', '123123'). The library's `Policy` object doesn't inherently check for overly repetitive patterns beyond what the entropy calculation might implicitly catch.","severity":"gotcha","affected_versions":"<=0.0.3.post2"},{"fix":"Define password requirements using `PasswordPolicy.from_names()` or by directly instantiating `PasswordPolicy` with desired rules, which is generally more readable and maintainable.","message":"Direct manipulation or reliance on `weak_bits`, `medium_bits`, `strong_bits` constants might be less recommended than using the `Policy` object's named rules, as policies provide a clearer, more configurable approach to defining acceptable passwords.","severity":"deprecated","affected_versions":"<=0.0.3.post2"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Ensure the library is installed in your current environment using `pip install password-strength`. If using virtual environments, activate the correct one before running your script.","cause":"The library is not installed or the Python environment is incorrect.","error":"ModuleNotFoundError: No module named 'password_strength'"},{"fix":"Access validation methods on the `PasswordPolicy` object. For example, use `policy.test(password)` instead of `policy(password)`.","cause":"Attempting to call a `PasswordPolicy` object like a function instead of using its `test()` method.","error":"TypeError: 'PasswordPolicy' object is not callable"},{"fix":"Use `PasswordPolicy` for testing against defined rules (`policy.test(password)`). Use `PasswordStats` to get raw metrics like entropy or complexity (`PasswordStats(password).strength`).","cause":"Confusing `PasswordStats` (for analysis) with `PasswordPolicy` (for validation). `PasswordStats` provides statistical properties, not policy testing.","error":"AttributeError: 'PasswordStats' object has no attribute 'test'"}]}