The Problem
Weak passwords remain one of the top attack vectors (OWASP A07: Identification and Authentication Failures). Users need real-time feedback on password strength before they create accounts - but most checkers only count character types without measuring actual entropy.
My Approach
I built PassStrong as a full-stack security utility combining a Flask backend with a clean frontend, using entropy scoring and heuristic analysis.
- Entropy scoring: Calculates Shannon entropy to measure true randomness, not just length
- Heuristic checks: Detects common patterns - dictionary words, sequential chars, keyboard walks
- Flask API: Server-side validation logic that can't be bypassed by client manipulation
- Visual feedback: Color-coded strength meter with actionable improvement suggestions
Security Relevance
This project connects directly to my identity as a Software Developer · Cybersecurity:
- Addresses OWASP authentication weaknesses proactively
- Demonstrates understanding of credential security beyond basic regex checks
- Shows ability to build security tools, not just exploit them
- Complements my JNV cybersecurity training on password hygiene
Tech Stack
Results
- 95% accuracy in classifying password strength tiers
- Real-time feedback with specific improvement recommendations
- Demonstrates security thinking applied to everyday authentication flows
What I Learned
Authentication security isn't just about hashing passwords on the server - it's about guiding users toward stronger credentials before they become a breach vector. This mindset shapes how I build auth systems in every MERN project I ship.