How strong is your password?
April 4th, 2008
The Password Strength Checker uses a number of metrics to determine how strong a given password is, including the total number of characters and the number of uppercase letters, lowercase letters, numbers and symbols. It also deducts points if the password is numbers only or contains repeated characters, consecutive same-case letters, or sequential letters or numbers.
Having played around with it a bit, it’s great for telling if a given password is strong, but don’t worry too much if it tells you it’s weak.
Take, for example, the password Ad%U,1q3b. This string was chosen because it causes the report to give exceptional ratings for all positively scoring criteria and a pass for all deductions, resulting in a password of “Very Strong” complexity with a 100% score.
Now take the password Ad%U,1q3bbbb. It receives a “Very Weak” complexity with a 0% score.
I’m not a statistician, but I’m pretty sure the longer password has a lower probability of being found. Am I wrong? That said, it’s still a great tool, and perhaps I need to upgrade my rudimentary in-line password strength checker!
Entry Filed under: Security
2 Comments
1. Bob Blanchett | April 17th, 2008 at 7:50 pm
have a squiz here.. work done on password quality measurement.
http://paper.ijcsns.org/07_book/200701/200701B01.pdf
Cheers..
PS have you posted your phpmelb talks anywhere?
2. Ben Balbo | April 18th, 2008 at 10:55 am
Hi Bob! Thanks for the link - an interesting read, relatively speaking.
The Password analyser I wrote uses time calculations based on the assumption that a brute force attack is used, similar to those in Table 2 of the paper. I’ll have to have a more thorough read of the paper later (after my second or third coffee!).
On the topic of talks, you can find my publicly available material here. If there’s something else you’re looking for, let me know and I’ll see if I can dig it out.