Passwordmeter

[slowfox]

This Password Strength Checker is an interesting tool.

It uses Google's javascript urchin.js to determine the strength of a password, based on the number of characters, whether or not you're using mixed case, letters, non-alpha-numerics and the like.

Obviously you don't feed it your real password (unless you're feeling particularly brave - it's running a script that's hosted on a different server!), but if you pass it constructs that are similar in nature, it'll give you a rough idea of how secure Google thinks that particular algorithm might be.

Comments

[slowfox]

Actually, my current set of passwords clock in in the 70% - 80% region. Ironically, my root password for the home machine turns out to be the weakest of the lot, though! ;-P

[yvi]

:) One of the passwords I use as a log-in now used to be my root password in 2003. It scores at 40% now -back then, I think 9 digits with lowercase and numbers was considered relatively safe, or at least I hoped so.

[slowfox]

Fingerprint readers may be the way to go, because it's getting hard to come up with memorable passwords that are sufficiently strong.

I've written a small program that generates passwords, and prints them to the screen, 40 at a time. I scan the output, and then pick (and modify) one that looks likely, but the basic algorithm doesn't score highly with the meter, so I need to tweak that a little.