Protect your users by showing them how weak they are - Security & Cryptography
                
Hello *nixers, Passwords are becoming less and less secure. One solution is to show the end user how weak his password is. http://www.geekwisdom.com/dyn/passwdmeter However, for the average user, an 8-char password is already the limit of what his/her 8-bit memory can support. You can also use RSA keys, but it's not the everyday user that will use that.

Sorry, 8 chars. I'll EDIT that right away.

I got a score of 34 I think, and I have caps, special chars, and it's fairly long lol.

Great idea! Get people to enter their password(s) into your DB by scoring how "secure" their password(s) is/are! Then, harvest DB to populate your word list(s).
BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC. Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC.

(27-02-2013, 06:52 PM)NeoTerra Wrote: (27-02-2013, 05:19 PM)D9u Wrote: Great idea! Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later.

D9u is seeing conspiracies everywhere. Use duckduckgo, you'll be safer.

(27-02-2013, 11:57 PM)NeoTerra Wrote: (27-02-2013, 11:33 PM)Jayro Wrote: Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later. Well it could easily be modified to log passwords. :)

My apologies. I didn't mean to infer that Venam was posting a link to a malicious site.

Hey, I scored a 39! What did everyone else get?
I do Byte

I scored 34 but with passwords that don't have special chars, with special chars it goes around 40.

44 points here.

I thought the exact same thing... yay get free passwords, wordlist such haker wow :) I'm amazed my password (not the exact one, moved numbers 1 more with wrap-around, exchanged - and _) with a length of 20 can hit 50... but it feels like 12 or something when you get used to it...

I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length.

"correct horse battery staple" 19 points: weak

I wrote an article in Linux Journal about using two-factor authentication in Linux. It's a good article (iidssms) http://www.linuxjournal.com/article/8338 It still applies, from what I know.

So tell me, did anyone view the source to make sure they're not logging passwords as you test them? They don't appear to be (http://www.geekwisdom.com/js/passwordmeter.js) but I'm just curious if anyone even bothered to look before typing. This could have been an awesome bait and switch idea!

There are a lot of password testers online. I never test my own password in them, just in case... As I once read regarding this kind of thread:
Somebody on the internet Wrote: So you want me to send my password to some random website, to see how good I am at security?

^ That's why:
Quote: I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length.

Haystack password theory, ftw! The basic crux of it comes down to one of entropy. So, is the password "P@ssw0rd" better or worse than ".....password....."? The latter is *exponentially* stronger, yet infinitely easier to remember. Check out GRC's write-up on "haystacks" at https://www.grc.com/haystack.htm
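
The comparison in the post above can be checked locally, without typing a password into any site. This is an added example, not part of the thread and not GRC's or the password meter's code. It assumes the brute-force model of the haystack write-up (alphabet size taken from the character classes present, every length up to the password's own) with printable-ASCII class sizes of 26/26/10/33, and it does not model dictionary or pattern-based guessing.

```javascript
// Added example: brute-force search-space estimate for the haystack comparison.
// Runs locally; nothing is sent anywhere.
// Assumption: printable-ASCII class sizes (26 lower, 26 upper, 10 digits,
// 33 symbols including space). Non-ASCII characters are not counted.
const CLASSES = [
  { name: "lower",  size: 26n, test: (c) => c >= "a" && c <= "z" },
  { name: "upper",  size: 26n, test: (c) => c >= "A" && c <= "Z" },
  { name: "digit",  size: 10n, test: (c) => c >= "0" && c <= "9" },
  // Remaining printable ASCII: space through '~', minus letters and digits.
  { name: "symbol", size: 33n,
    test: (c) => c >= " " && c <= "~" && !/[A-Za-z0-9]/.test(c) },
];

// Alphabet an exhaustive search must cover: sum of the sizes of classes used.
function alphabetSize(password) {
  let size = 0n;
  for (const cls of CLASSES) {
    if ([...password].some((c) => cls.test(c))) size += cls.size;
  }
  return size;
}

// Exact count of candidates of length 1..L over that alphabet (BigInt).
function searchSpace(password) {
  const a = alphabetSize(password);
  const length = [...password].length;
  let total = 0n;
  let power = 1n;
  for (let i = 0; i < length; i++) {
    power *= a;      // a^(i+1)
    total += power;  // a^1 + a^2 + ... + a^L
  }
  return total;
}

// Size of the search space in whole bits: floor(log2(searchSpace)).
function bits(password) {
  const n = searchSpace(password);
  return n === 0n ? 0 : n.toString(2).length - 1;
}

// Passwords quoted in the thread.
for (const pw of ["P@ssw0rd", ".....password.....", "correct horse battery staple"]) {
  console.log(JSON.stringify(pw), "alphabet", alphabetSize(pw).toString(),
              "length", [...pw].length, "about 2^" + bits(pw));
}
```
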

Related to "P@ssw0rd" I'll just leave this here.