Articles

This content is in the process of being styled since being imported from a previous system, and may lack some formatting detail or imagery.

How strong is your password?

  • Security

The Password Strength Checker uses a number of metrics to determine how strong a given password is, including the number of characters in total, uppercase and lower case letters, numbers and symbols. It also deducts points in the event you have numbers only, repeated characters, consecutive same-case letters, sequential letters or numbers.

Having played around with it a bit, it's great for telling if a given password is strong, but don't worry too much if it tells you its weak.

Take, for example, the password Ad%U,1q3b. This string was chosen because it causes the report to give exceptional ratings for all positively scoring criteria and a pass for all deductions, resulting in a password of "Very Strong" complexity with a 100% score.

Now take the password Ad%U,1q3bbbb. It receives a "Very Weak" complexity with a 0% score.

I'm not a statistician, but I'm pretty sure the longer password has a lower probability of being found. Am I wrong? That said, it's still a great tool, and perhaps I need to upgrade my rudimentary in-line password strength checker!

Comments

have a squiz here.. work done on password quiality measurement. http://paper.ijcsns.org/07\_book/200701/200701B01.pdf

Cheers.. PS have you posted your phpmelb talks anywhere?

Hi Bob! Thanks for the link - an interesting read, relatively speaking ;-)

The Password analyser I wrote uses time calculations based on the assumption that a brute force attack is used, similar to those in Table 2 of the paper. I'll have to have a more thorough read of the paper later (after my second or third coffee!).

On the topic of talks, you can find my publicly available material here. If there's something else you're looking for, let me know and I'll see if I can dig it out ;-)

Comments for this post are currently disabled.

Subscribe to my Newsletter

* indicates a required field

I don't send many updates. I don't like to spam. Let's face it - I've not posted many new articles for a while (although I do plan on changing that). If you subscribe to new articles, I'll send no more than two emails a week. As for workshop and conference information, that'll be as and when I have details. It's not likely to be more than an email a week.

Topics