Passwordmeter

Jun. 16th, 2009 07:50 am
slowfox: Slowfox' default icon (Default)
[personal profile] slowfox
This Password Strength Checker is an interesting tool.

It uses Google's javascript urchin.js to determine the strength of a password, based on the number of characters, whether or not you're using mixed case, letters, non-alpha-numerics and the like.

Obviously you don't feed it your real password (unless you're feeling particularly brave - it's running a script that's hosted on a different server!), but if you pass it constructs that are similar in nature, it'll give you a rough idea of how secure Google thinks that particular algorithm might be.
  • Current Mood: busy
  • Current Location: Work
  • Current Music: Cycling Weekly Podcast 15
Tags:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2009-06-16 07:01 am (UTC)
yvi: Kaylee half-smiling, looking very pretty (Default)
From: [personal profile] yvi
*coughs*

Yeah, I knew my passowrds would all turn out as #weak'. lowercase characters interspaced with numbers.

At least my root passwords are 40 characters long with lower- and uppercase + numbers.

Date: 2009-06-16 07:18 am (UTC)
slowfox: Slowfox' default icon (Default)
From: [personal profile] slowfox
Actually, my current set of passwords clock in in the 70% - 80% region. Ironically, my root password for the home machine turns out to be the weakest of the lot, though! ;-P

Date: 2009-06-16 07:22 am (UTC)
yvi: Kaylee half-smiling, looking very pretty (Default)
From: [personal profile] yvi
:) One of the passwords I use as a log-in now used to be my root password in 2003. It scores at 40% now -back then, I think 9 digits with lowercase and numbers was considered relatively safe, or at least I hoped so.

Date: 2009-06-16 07:34 am (UTC)
slowfox: Slowfox' default icon (Default)
From: [personal profile] slowfox
Fingerprint readers may be the way to go, because it's getting hard to come up with memorable passwords that are sufficiently strong.

I've written a small program that generates passwords, and prints them to the screen, 40 at a time. I scan the output, and then pick (and modify) one that looks likely, but the basic algorithm doesn't score highly with the meter, so I need to tweak that a little.

Date: 2009-06-16 08:00 am (UTC)
linaelyn: (Chibi!Lin)
From: [personal profile] linaelyn
Fascinating! I've found a few useful-to-me tricks for generating passwords, over the years. Generally I'll take some geographic location (not my own locale) hunt back through historical names for the place (languages of the First Nations are great for this) and then... L33T the names until they're no longer recognizable even to an historian. The resulting string of letters, numbers and symbols means nothing to anyone but *me* (and possibly Estel, if it's a joint account.)

Date: 2009-06-16 08:08 am (UTC)
slowfox: Slowfox' default icon (Default)
From: [personal profile] slowfox
I'm a little more obscure than that - I used to l337 up names, and then add numbers to the tail, but these days I go for semi-randomly generated sequences (as comment above).

Apparently, approx 33% of users have a single password for everything. Just for the personal accounts, I currently have nine ten twelve... possibly more. Then there are the work ones on top of that.

Date: 2009-06-16 08:56 am (UTC)
yvi: Kaylee half-smiling, looking very pretty (Default)
From: [personal profile] yvi
I have... 6 for personal accounts. Plus root passwords, which I wouldn't even dream about learning the hard way.

I just generally suck at learning passwords.

Date: 2009-06-16 10:15 am (UTC)
slowfox: Slowfox' default icon (Default)
From: [personal profile] slowfox
Learning passwords is usually OK for me, although I do wish I'd learn from past mistakes and stop deciding to change my work machine's password on a Friday! (lots of practice, early on, helps cement the new key in the mind, I find)

Date: 2009-06-16 09:03 am (UTC)
linaelyn: (Default)
From: [personal profile] linaelyn
You are ever the one who does nothing by halves. :-) It's an endearing trait... at this remove, at any rate.

Semi-randomly-generated sequences would possibly be overkill for my Paperback Swap Library account and my Kongregate games account. Still you never know...

How often do you bother to change your personal passwords for accounts you hold? I do so nearly annually for most purposes (okay, usually a year and a half goes by...) but semiannually for financial things with higher likelihood of attack.

Date: 2009-06-16 10:14 am (UTC)
slowfox: Slowfox' default icon (Default)
From: [personal profile] slowfox
The frequency of change varies - probably roundabout annually, I'd guess - it varies. The danger is that I get attached to my obscure passwords, and learning new ones is a bit of effort - so you tend to try and get as much of a return on the memorising investment as you can.


Date: 2009-06-16 01:54 pm (UTC)
aome: (Default)
From: [personal profile] aome
My faux-but-modelled-on-real-passwords mostly scored in the weak range, but one got a 50% "good" rating. The big detractor for my other passwords was the fact that they were fewer than 8 chacters, usually 7. Another one was that some were all lower-case, but I recall that LJ only allows lower case, in which case, that shouldn't necessarily be a detractor. Interesting program, though - gave me things to think about.

Date: 2009-06-17 07:52 am (UTC)
slowfox: Slowfox' default icon (Default)
From: [personal profile] slowfox
My passwords, these days, tend to be in the 10 to 12 character range... I'm not convinced that going longer than that will be more secure, though, since to facilitate memorising them, they'll then need to have some kind of structure.

I think I can generally remember a handful of 12 character random sequences, but more than that might be tricky...
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

slowfox: Slowfox' default icon (Default)
slowfox

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 9th, 2025 05:00 am
Powered by Dreamwidth Studios