Need to check password security in your application? This guide covers everything about password strength analysis via API, including scoring algorithms, common password detection, and implementation examples in multiple programming languages.
What is Password Strength?
Password strength is a measure of how resistant a password is to guessing and brute-force attacks. Strong passwords combine length, complexity, and unpredictability to maximize the effort required to crack them.
Example scores: password123 (weak), MyD0g$Name! (medium), 7Hx#mK9@pL2! (strong)
Strength Factors
Factors that determine password strength:
Length
Longer passwords exponentially increase the keyspace. Each additional character adds significant security.
Character Variety
Using uppercase, lowercase, numbers, and symbols increases complexity.
Unpredictability
Avoiding common words, patterns, and personal information.
Using the Password Strength API
TinyFn provides a comprehensive endpoint to analyze password strength:
POST https://api.tinyfn.io/v1/validate/password-strength
Headers: X-API-Key: your-api-key
Content-Type: application/json
{
"password": "MySecureP@ss123"
}{
"score": 3,
"strength": "strong",
"feedback": {
"warning": "",
"suggestions": ["Add more uncommon words"]
},
"crack_time_display": "centuries",
"entropy_bits": 65.4,
"has_lowercase": true,
"has_uppercase": true,
"has_numbers": true,
"has_symbols": true,
"length": 15
}Parameters
| Parameter | Type | Description |
|---|---|---|
password |
string | The password to analyze (required) |
user_inputs |
array | User-specific words to penalize (optional) |
Code Examples
JavaScript / Node.js
const response = await fetch(
'https://api.tinyfn.io/v1/validate/password-strength',
{
method: 'POST',
headers: {
'X-API-Key': 'your-api-key',
'Content-Type': 'application/json'
},
body: JSON.stringify({ password: 'MySecureP@ss123' })
}
);
const result = await response.json();
console.log(`Strength: ${result.strength}, Score: ${result.score}/4`);Python
import requests
response = requests.post(
'https://api.tinyfn.io/v1/validate/password-strength',
headers={'X-API-Key': 'your-api-key'},
json={'password': 'MySecureP@ss123'}
)
result = response.json()
print(f"Strength: {result['strength']}, Score: {result['score']}/4")cURL
curl -X POST "https://api.tinyfn.io/v1/validate/password-strength" \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"password": "MySecureP@ss123"}'Common Use Cases
- Registration Forms: Show real-time password strength feedback
- Password Policies: Enforce minimum strength requirements
- Security Audits: Check existing passwords for weaknesses
- User Education: Explain why certain passwords are weak
- Compliance: Meet security requirements for password strength
Best Practices
- Don't log passwords: Never log the actual passwords being checked
- Use HTTPS: Always send passwords over encrypted connections
- Show feedback: Display helpful suggestions to improve weak passwords
- Consider passphrases: Encourage passphrases as an alternative
Use via MCP
Your AI agent can call this tool directly via Model Context Protocol — no HTTP code needed. Add TinyFn to Claude Desktop, Cursor, or any MCP client:
{
"mcpServers": {
"tinyfn-validate": {
"url": "https://api.tinyfn.io/mcp/validate/",
"headers": {
"X-API-Key": "your-api-key"
}
}
}
}See all validation tools available via MCP in our Validation MCP Tools for AI Agents guide.
Try the Password Strength API
Get your free API key and start analyzing passwords in seconds.
Get Free API Key