Project Members:
- Haroon K M
- Balamurugan T
- Sujay S
- Enbachozhan V
StrengthX is a professional-grade password evaluation system designed to assess password strength and detect exposure in public data breaches. It empowers users with practical insights into password security through an interactive and privacy-focused web interface. The project integrates modern cybersecurity practices, secure hashing, and data breach APIs to deliver accurate feedback without storing sensitive information.
In today's digital ecosystem, password compromise remains one of the most common attack vectors. Weak, reused, or previously breached passwords significantly increase the risk of unauthorized access. StrengthX tackles this problem by providing an intuitive platform that analyzes password strength and verifies exposure in known breaches. It promotes security awareness and password hygiene among users, bridging the gap between technical security knowledge and practical usability.
The core purpose of StrengthX is to enhance cybersecurity awareness and reduce password-related vulnerabilities by offering a real-time password strength and breach detection platform.
- Educate users about password security best practices.
- Provide actionable feedback for weak or compromised passwords.
- Encourage the adoption of strong, unique, and secure credentials.
- Demonstrate integration of AI and data-driven password assessment models.
The project is motivated by the increasing number of global data breaches and poor user password habits. Many individuals reuse simple passwords across multiple platforms. Existing solutions either compromise privacy or fail to educate users about secure password creation. StrengthX provides a transparent, safe, and informative approach to assess password integrity.
StrengthX focuses on:
- Password evaluation
- Breach verification
- User awareness
It does not handle account management or authentication systems but can be integrated with them. The scope includes backend logic, front-end visualization, API integration, and deployment workflows.
- Password Strength Analyzer: Evaluates password entropy, pattern repetition, and complexity.
- Breach Exposure Checker: Uses hashed password lookups with the HaveIBeenPwned API.
- Privacy-First Model: No password storage; client-side hashing implemented.
- Real-Time Feedback: Interactive display with strength visualization.
- Dockerized Deployment: Simplified container-based setup for scalability.
StrengthX follows a modular architecture separating the front-end UI, backend processing, and API integration layers.
- Frontend: Developed with Streamlit for an interactive UI.
- Backend: Python scripts handle logic, scoring, and breach API queries.
- Security Layer: Hash-based lookup ensures no plaintext transmission.
- Deployment: Docker containers ensure consistent builds and portability.
Components:
- Frontend: Streamlit-based interface for user input and visualization.
- Backend: Python scripts for password strength calculation, regex validation, and breach checking.
- Security Layer: SHA-1 hashing and k-anonymity for safe API queries.
- Deployment: Docker for scalable, portable deployment.
- Backend: Python 3.x
- Frontend: Streamlit
- Libraries: `hashlib`, `zxcvbn`, `requests`, `pwnedpasswords`
- Version Control: Git & GitHub
- Deployment: Render / Docker / Streamlit
- License: Apache License 2.0
The workflow starts when the user inputs a password into the Streamlit interface. The system calculates its strength score, checks breach databases securely, and returns a detailed report. This interactive loop allows users to refine and improve their passwords instantly.
Figure 1.2: Workflow Diagram
StrengthX ensures privacy by never storing user passwords. Key security measures include:
- Hashing techniques such as SHA‑1 for verification with public APIs like HaveIBeenPwned.
- Secure HTTPS connections and encrypted data handling.
- Minimal and anonymized logging.
Testing includes:
- Unit tests for password scoring algorithms.
- Integration tests for API communication.
- Manual UI testing across different browsers.
- Security testing to ensure no sensitive data leakage.
- User enters a password in the Streamlit input box (`st.text_input`).
- The password is captured as a string variable `pwd`.
- Checks whether a password is entered.
- If no password → displays: "Please enter a password to evaluate its strength."
- If entered → proceeds to evaluation.
- Password is SHA-1 hashed: `hashlib.sha1(pwd.encode())`.
- Only the first 5 characters of the hash are sent to the Pwned Passwords API (k-anonymity model).
- API returns matching suffixes and breach counts.
- Full hash checked against results:
- Found → password marked as Compromised.
- Not found → password is safe from known breaches.
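
The k-anonymity lookup described in the steps above, as an added example that is not StrengthX's own code: it shows which part of the SHA-1 hash leaves the machine and how the returned `SUFFIX:COUNT` lines are matched locally. The function names, the injected `fetch_range` callable and the sample response are assumptions constructed for illustration; rows with a count of 0 are treated as padding entries, which the Pwned Passwords API returns when response padding is requested.

```python
import hashlib


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the API, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_body: str) -> int:
    """Look up our suffix in a range response made of SUFFIX:COUNT lines.

    Returns 0 if the suffix is absent, the line is malformed, or the row
    is a padding entry (count 0) returned when response padding is enabled.
    """
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # tolerate blank or malformed lines
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password: str, fetch_range) -> dict:
    """fetch_range(prefix) -> response text. Injected so the demo is offline;
    a live version would GET https://api.pwnedpasswords.com/range/<prefix>."""
    prefix, suffix = split_hash(password)
    count = breach_count(suffix, fetch_range(prefix))
    return {"prefix_sent": prefix, "compromised": count > 0, "count": count}


def constructed_range_body(hit_password: str, padding_password: str) -> str:
    """Constructed sample response: a decoy, a real hit and a padding row."""
    _, hit = split_hash(hit_password)
    _, pad = split_hash(padding_password)
    rows = ["0" * 35 + ":3", hit.lower() + ":1234", pad + ":0"]
    return "\r\n".join(rows) + "\r\n"


if __name__ == "__main__":
    body = constructed_range_body("password", "constructed-padding-example")
    for pwd in ("password", "constructed-padding-example", "not in sample"):
        print(check_password(pwd, lambda prefix: body))
```
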
- Uses zxcvbn library for entropy and pattern analysis.
- Metrics returned: `score` (0–4), `crack_times_display`, `feedback` (suggestions/warnings)
- Password strength classification:
- 0 → Very Weak
- 1 → Weak
- 2 → Fair
- 3 → Strong
- 4 → Very Strong
- Checks for numbers: `(?=.*\d)`
- Checks for uppercase: `(?=.*[A-Z])`
- Checks for special characters: `[!@#$%^&*()_+{}\[\]:;"'<>?,./\|\\-]`
- Checks for minimum length (12 chars)
- Each failed check adds a recommendation (e.g., "Add numbers", "Increase length").
- Displays:
- Crack time estimates
- Zxcvbn feedback
- Custom improvement suggestions
- Breach check result
- Feedback is color-coded:
- Red → Weak
- Green → Strong
- Passwords are never stored or transmitted in plaintext.
- All validation occurs locally, except SHA-1 prefix lookup.
- Limitations: Breach database coverage may be partial; strength evaluation is heuristic-based.
- Future Work:
- AI-based predictive strength analysis
- Multi-factor authentication (MFA) suggestions
- Integration with password managers
- Mobile-friendly interface
The StrengthX project was collaboratively developed by a team of passionate individuals:
Haroon K M – Project Lead & Full-Stack Developer
- Conceptualized and led development
- Integrated password strength algorithms (Regex + zxcvbn) and Pwned Passwords API
- Designed Streamlit UI and managed project structure, GitHub, and deployment
Balamurugan T – Backend Developer & Security Engineer
- Implemented encryption and hashing techniques
- Developed backend logic for validation and regex optimization
- Conducted security testing and validation
Sujay S – Data Analyst & Validation Specialist
- Analyzed password strength data and API responses
- Handled testing scenarios and performance validation
- Designed validation flow diagrams and QA reports
Enbachozhan V – Technical Writer & Frontend Designer
- Created documentation and visual diagrams
- Contributed to UI/UX design
- Assisted with architecture, testing, and workflow diagrams
Prerequisites: Python 3.x, Git, Streamlit, Docker (optional)
```bash
# Clone Repository
git clone https://github.com/haroontrailblazer/StrengthX.git
# Navigate into directory
cd StrengthX
# Install dependencies
pip install -r requirements.txt
# Pull latest updates
git pull origin main
# Run the application
streamlit run app.py
```
