Password Analyzer API: Complete Security Analysis Guide

Need to evaluate password strength in your application? The Password Analyzer API provides comprehensive security analysis including entropy calculation, character composition, vulnerability detection, and actionable improvement suggestions.

What is Password Analysis?

Password analysis is the process of evaluating a password's security characteristics. A comprehensive analysis examines multiple factors including length, character diversity, pattern detection, and resistance to common attack methods like dictionary attacks and brute force.

Modern password analyzers go beyond simple rules to provide entropy calculations, estimated crack times, and specific vulnerability warnings based on known attack patterns.

Password Security Metrics

The API evaluates passwords using several key metrics:

Entropy (bits)

Entropy measures password randomness. Higher entropy means more possible combinations. A password with 60+ bits of entropy is considered strong against modern attacks.

Character Composition

Analysis of lowercase, uppercase, numbers, and special characters. Diverse character sets significantly increase password strength.

Pattern Detection

Identifies common patterns like keyboard sequences (qwerty), repeated characters (aaa), and common substitutions (@ for a).

Using the Password Analyzer API

TinyFn provides a comprehensive endpoint to analyze passwords:

POST https://api.tinyfn.io/v1/password/analyze
Headers: X-API-Key: your-api-key
Content-Type: application/json

{
  "password": "MyP@ssw0rd123!"
}

{
  "strength": "strong",
  "score": 85,
  "entropy": 72.5,
  "length": 14,
  "composition": {
    "lowercase": 6,
    "uppercase": 2,
    "numbers": 4,
    "special": 2
  },
  "issues": [],
  "suggestions": [
    "Consider using a passphrase for even better security"
  ],
  "crack_time_display": "centuries"
}

Parameters

Code Examples

JavaScript / Node.js

const response = await fetch(
  'https://api.tinyfn.io/v1/password/analyze',
  {
    method: 'POST',
    headers: {
      'X-API-Key': 'your-api-key',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ password: 'MyP@ssw0rd123!' })
  }
);
const analysis = await response.json();
console.log(`Strength: ${analysis.strength}, Score: ${analysis.score}`);

Python

import requests

response = requests.post(
    'https://api.tinyfn.io/v1/password/analyze',
    headers={'X-API-Key': 'your-api-key'},
    json={'password': 'MyP@ssw0rd123!'}
)
analysis = response.json()
print(f"Strength: {analysis['strength']}, Entropy: {analysis['entropy']} bits")

cURL

curl -X POST "https://api.tinyfn.io/v1/password/analyze" \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"password": "MyP@ssw0rd123!"}'

Common Use Cases

• Registration Forms: Validate password strength during user signup
• Password Change Flows: Ensure new passwords meet security requirements
• Security Audits: Bulk analyze passwords for compliance
• Password Managers: Rate stored password security
• User Education: Show users why their password is weak

Best Practices

1. Always use HTTPS: Never transmit passwords over unencrypted connections
2. Combine with breach checks: Pair analysis with haveibeenpwned-style checks
3. Show constructive feedback: Display specific suggestions, not just "weak password"
4. Set minimum thresholds: Require minimum entropy or score for acceptance
5. Rate limit requests: Prevent abuse of the analysis endpoint

Use via MCP

Your AI agent can call this tool directly via Model Context Protocol — no HTTP code needed. Add TinyFn to Claude Desktop, Cursor, or any MCP client:

{
  "mcpServers": {
    "tinyfn-password": {
      "url": "https://api.tinyfn.io/mcp/password/",
      "headers": {
        "X-API-Key": "your-api-key"
      }
    }
  }
}

See all password tools available via MCP in our Password MCP Tools for AI Agents guide.