
Automatically Detect Weak Passwords from Large Password Lists in Python

This Python script identifies weak passwords from a list by checking length, common patterns, sequential characters, and uniform characters, returning those that fail the security checks.

Easy | Python 3.9+ | Jun 28, 2026 | Strings & text

Python code

import re

# Path to a larger wordlist; defined for the file-based variation, not read by this sample.
COMMON_PASSWORDS_FILE = "common_passwords.txt"

def is_weak(password):
    # Check length
    if len(password) < 8:
        return True
    # Check for common patterns
    if password.lower() in {"password", "123456", "qwerty", "letmein", "admin", "welcome"}:
        return True
    # Check for sequential characters
    if re.search(r"(012|123|234|345|456|567|678|789|890)", password):
        return True
    # Check if all same character
    if len(set(password)) == 1:
        return True
    return False

def detect_weak_passwords(password_list):
    weak_passwords = []
    for pwd in password_list:
        if is_weak(pwd):
            weak_passwords.append(pwd)
    return weak_passwords

if __name__ == "__main__":
    sample_list = ["hello1", "password", "abcdefgh", "11111111", "strongPass1", "12345678", "qwerty123"]
    weak = detect_weak_passwords(sample_list)
    print(f"Weak passwords found: {weak}")

Output

stdout
Weak passwords found: ['hello1', 'password', '11111111', '12345678', 'qwerty123']

How it works

The is_weak function applies four rules in order. Passwords shorter than 8 characters are flagged immediately. The password is then lowercased and compared against a small built-in set of common passwords. A regular expression flags any ascending three-digit run such as '123' or '890'. Finally, passwords consisting entirely of the same character are considered weak. The detect_weak_passwords function iterates through the input list and collects every password that is_weak flags.

Common mistakes

  • Not normalizing case before comparing against common password lists, missing variations like 'Password'.
  • Using a small or static common password list instead of loading a comprehensive file like common_passwords.txt.
  • Forgetting to check for sequential patterns like 'abc' or keyboard walks (e.g., 'qwerty').
  • Applying the same rule set to all contexts without allowing customization (e.g., minimum length requirements may differ).

Variations

  1. Use a dynamic list from a file by reading common_passwords.txt with open() and splitting lines.
  2. Integrate with a library like zxcvbn for more sophisticated strength estimation based on entropy and patterns.
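
The sketch below is an added example, not part of the original script. It combines the first variation with the fixes from the common-mistakes list: a case-folded blocklist loaded from a file-like source, alphabetic runs and keyboard walks, and a configurable minimum length. The names Policy, load_blocklist, has_run, weakness_reasons and audit are hypothetical, and the blocklist content is a constructed stand-in for common_passwords.txt.

```python
import io
from dataclasses import dataclass

# Constructed sample standing in for common_passwords.txt (one entry per line).
SAMPLE_BLOCKLIST = "password\n123456\nqwerty\nletmein\nadmin\nwelcome\n"

# Rows scanned for runs: digits, the alphabet, and the three QWERTY letter rows.
SEQUENCES = ("01234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")

@dataclass(frozen=True)
class Policy:
    min_length: int = 8   # per-context minimum length
    run_length: int = 3   # shortest run that counts as a sequence

def load_blocklist(lines):
    """Build a case-folded set from an iterable of lines, e.g. an open file."""
    return {line.strip().casefold() for line in lines if line.strip()}

def has_run(password, n):
    """True if any n-character window is a forward or reversed slice of a row."""
    pw = password.casefold()
    rows = SEQUENCES + tuple(row[::-1] for row in SEQUENCES)
    return any(pw[i:i + n] in row
               for i in range(len(pw) - n + 1) for row in rows)

def weakness_reasons(password, blocklist, policy=Policy()):
    """Return the names of the rules the password fails (empty list = passes)."""
    reasons = []
    if len(password) < policy.min_length:
        reasons.append("too_short")
    if password.casefold() in blocklist:
        reasons.append("common")
    if has_run(password, policy.run_length):
        reasons.append("sequence")
    if password and len(set(password)) == 1:
        reasons.append("uniform")
    return reasons

def audit(passwords, blocklist, policy=Policy()):
    """Map each failing password to the reasons it failed."""
    return {pw: r for pw in passwords
            if (r := weakness_reasons(pw, blocklist, policy))}

# With a real file: load_blocklist(open("common_passwords.txt", encoding="utf-8"))
BLOCKLIST = load_blocklist(io.StringIO(SAMPLE_BLOCKLIST))

if __name__ == "__main__":
    sample = ["hello1", "Password", "abcdefgh", "strongPass1", "qwerty123"]
    print(audit(sample, BLOCKLIST))
```

Returning reasons instead of a bare boolean lets a registration form say which rule failed, and lets an audit report count failures per rule.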

Real-world use cases

  • Auditing user-submitted passwords during account registration to enforce strength policies.
  • Scanning leaked password databases to quickly flag reused or weak credentials for forced reset.
  • Integrating into a CI/CD pipeline that checks configuration files for default or weak passwords.
