Passwordmeter

[slowfox]

This Password Strength Checker is an interesting tool.

It uses Google's javascript urchin.js to determine the strength of a password, based on the number of characters, whether or not you're using mixed case, letters, non-alpha-numerics and the like.

Obviously you don't feed it your real password (unless you're feeling particularly brave - it's running a script that's hosted on a different server!), but if you pass it constructs that are similar in nature, it'll give you a rough idea of how secure Google thinks that particular algorithm might be.

Comments

[aome]

My faux-but-modelled-on-real-passwords mostly scored in the weak range, but one got a 50% "good" rating. The big detractor for my other passwords was the fact that they were fewer than 8 chacters, usually 7. Another one was that some were all lower-case, but I recall that LJ only allows lower case, in which case, that shouldn't necessarily be a detractor. Interesting program, though - gave me things to think about.

[slowfox]

My passwords, these days, tend to be in the 10 to 12 character range... I'm not convinced that going longer than that will be more secure, though, since to facilitate memorising them, they'll then need to have some kind of structure.

I think I can generally remember a handful of 12 character random sequences, but more than that might be tricky...