I attended a session about securing your ColdFusion applications at MAX 2007 and decided to add password strength testing to one of my projects. It's a nifty trick. As the user types in their password, a message tells them if their password is weak, average or strong. I've seen this done with JavaScript on the client side, but thought I'd take advantage of the new AJAX features of ColdFusion 8 to build mine.
Below is the code you'll add to your page.
When using CF-8JAX (my new term), I often get JavaScript errors because I can't access the /CFIDE/scripts directory on the server. To remedy this, I've uploaded all the files from /CFIDE/scripts into a directory off my webroot called /js/cf8. Then I can import the JavaScript libraries I need using the CFAJAXIMPORT tag.
Nothing special above, just a password input field.
OK, here is where the magic happens. The function PasswordStrength is located in the file remote.cfc. I placed remote.cfc in the same directory, but you can place it anywhere. Just make sure you update the cfdiv tag to reflect the new location.
I pass the argument "password" into my function. I discovered the @keyup trick while looking at some other blog posts. Now, each time a new character is added, the password strength is tested. Love this feature. You can also use @blur or @keypress. Along with the strength, I give the user hints on how to strengthen their password.
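The setup described above, sketched as an added example; this is not the code from the original post. The scoring rules, the 8-character threshold, the hint wording and the form name `signup` are assumptions, while `remote.cfc`, `PasswordStrength`, the `password` argument, `/js/cf8` and the `@keyup` bind come from the text.

```cfml
<!--- remote.cfc: added example; scoring rules and hint wording are assumptions --->
<cfcomponent output="false">
  <cffunction name="PasswordStrength" access="remote" returntype="string" output="false">
    <cfargument name="password" type="string" required="true">
    <cfset var score = 0>
    <cfset var hints = "">
    <cfset var label = "Weak">
    <cfif len(arguments.password) EQ 0>
      <cfreturn "">
    </cfif>
    <!--- One point per rule met; each rule missed adds a hint --->
    <cfif len(arguments.password) GTE 8>
      <cfset score = score + 1>
    <cfelse>
      <cfset hints = listAppend(hints, "use at least 8 characters")>
    </cfif>
    <cfif reFind("[a-z]", arguments.password) AND reFind("[A-Z]", arguments.password)>
      <cfset score = score + 1>
    <cfelse>
      <cfset hints = listAppend(hints, "mix upper and lower case letters")>
    </cfif>
    <cfif reFind("[0-9]", arguments.password)>
      <cfset score = score + 1>
    <cfelse>
      <cfset hints = listAppend(hints, "add a number")>
    </cfif>
    <cfif reFind("[^A-Za-z0-9]", arguments.password)>
      <cfset score = score + 1>
    <cfelse>
      <cfset hints = listAppend(hints, "add a symbol")>
    </cfif>
    <cfif score EQ 4>
      <cfset label = "Strong">
    <cfelseif score GTE 2>
      <cfset label = "Average">
    </cfif>
    <!--- Only fixed strings are returned; the password itself is never echoed back --->
    <cfif len(hints)>
      <cfreturn label & ". Hints: " & listChangeDelims(hints, ", ") & ".">
    </cfif>
    <cfreturn label>
  </cffunction>
</cfcomponent>
<!--- Calling page (separate .cfm file in the same directory as remote.cfc) --->
<cfajaximport scriptsrc="/js/cf8" tags="cfform,cfdiv">
<cfform name="signup">
  <cfinput type="password" name="password">
</cfform>
<cfdiv bind="cfc:remote.PasswordStrength({password@keyup})"></cfdiv>
```

The meter is feedback only: the same rules need to be checked again by the code that handles the form submission, since the browser-side call can be skipped.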
See an example or Download the code
Feedback always welcome. Let me know if you have improvements for my PasswordStrength function. Thanks!