Protect your users by showing them how weak they are - Security & Cryptography
|
|||
Hello *nixers,
Passwords are becoming less and less secure. One solution is to show the end user how weak his password is. http://www.geekwisdom.com/dyn/passwdmeter However, for the average user, an 8-char password is already the limit of what his/her 8-bit memory can support. You can also use RSA keys, but it's not the everyday user that will use that.
|||
|
|||
Sorry, 8 chars. I'll EDIT that right away.
|
|||
|
|||
I got a score of 34 I think, and I have caps, special chars, and it's fairly long lol.
|
|||
|
|||
Great idea!
Get people to enter their password(s) into your DB by scoring how "secure" their password(s) is/are! Then, harvest DB to populate your word list(s).
BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC.
Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC.
|||
|
|||
(27-02-2013, 06:52 PM)NeoTerra Wrote:(27-02-2013, 05:19 PM)D9u Wrote: Great idea! Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later. |
|||
|
|||
D9u is seeing conspiracies everywhere.
Use duckduckgo, you'll be safer. |
|||
|
|||
(27-02-2013, 11:57 PM)NeoTerra Wrote:(27-02-2013, 11:33 PM)Jayro Wrote: Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later. Well it could easily be modified to log passwords. :) |
|||
|
|||
My apologies. I didn't mean to imply that Venam was posting a link to a malicious site.
BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC.
Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC.
|||
|
|||
Hey, I scored a 39! What did everyone else get?
I do Byte
|
|||
|
|||
I scored 34, but with passwords that don't have special chars; with special chars it goes to around 40.
|
|||
|
|||
44 points here.
|
|||
|
|||
I thought the exact same thing... yay get free passwords, wordlist such haker wow :)
I'm amazed my password (not the exact one, moved numbers 1 more with wrap-around, exchanged - and _) with a length of 20 can hit 50... but it feels like 12 or something when you get used to it...
|||
|
|||
I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length.
|
|||
|
|||
"correct horse battery staple"
19 points: weak
|||
|
|||
I wrote an article in Linux Journal about using two-factor authentication in Linux. It's a good article (iidssms) http://www.linuxjournal.com/article/8338 it still applies, from what I know.
|
|||
|
|||
So tell me,
did anyone view the source to make sure they're not logging passwords as you test them? They don't appear to be (http://www.geekwisdom.com/js/passwordmeter.js) but I'm just curious if anyone even bothered to look before typing. This could have been an awesome bait and switch idea!
|||
|
|||
There are a lot of password testers online. I never test my own password in them, just in case... As I once read regarding this kind of thread:
Somebody on the internet Wrote: So you want me to send my password to some random website, to see how good I am at security?
|||
|
|||
^ That's why:
Quote: I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length.
|||
|
|||
Haystack password theory, ftw!
The basic crux of it comes down to one of entropy. So, is the password "P@ssw0rd" better or worse than ".....password....."? The latter is *exponentially* stronger, yet infinitely easier to remember. Check out GRC's write-up on "haystacks" at https://www.grc.com/haystack.htm
|||
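The comparison in the post above, worked through as an added example that is not part of the original thread or of GRC's page: it counts the candidates an exhaustive search would have to try for each password. The class sizes (26/26/10/33) and the five-dot padding are assumptions, and the count models brute force only, not dictionary guessing.

```javascript
// Added example: size of the brute-force search space ("haystack").
// Assumption: printable-ASCII classes of 26 lower, 26 upper, 10 digits and
// 33 symbols (space included); other characters are not counted.
const CLASSES = [
  { re: /[a-z]/, size: 26n },
  { re: /[A-Z]/, size: 26n },
  { re: /[0-9]/, size: 10n },
  { re: /[ -\/:-@\[-`{-~]/, size: 33n },
];

// Alphabet an exhaustive search has to cover: every class the password uses.
function alphabetSize(pw) {
  return CLASSES.reduce((n, c) => (c.re.test(pw) ? n + c.size : n), 0n);
}

// Candidates of length 1..pw.length over that alphabet: n + n^2 + ... + n^L.
function searchSpace(pw) {
  const n = alphabetSize(pw);
  let total = 0n;
  let term = 1n;
  for (let i = 0; i < pw.length; i++) {
    term *= n;
    total += term;
  }
  return total;
}

// floor(log2(space)), taken from the BigInt's binary length (no float loss).
function bits(pw) {
  const space = searchSpace(pw);
  return space === 0n ? 0 : space.toString(2).length - 1;
}

// The two passwords compared in the post; padding is five dots on each side.
const SHORT = "P@ssw0rd";
const PADDED = ".".repeat(5) + "password" + ".".repeat(5);

function report(passwords) {
  return passwords.map((pw) => ({
    password: pw,
    length: pw.length,
    alphabet: Number(alphabetSize(pw)),
    bits: bits(pw),
  }));
}

console.table(report([SHORT, PADDED]));
```

Everything runs locally, so nothing typed into it leaves the machine.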
|
|||
Related to "P@ssw0rd" I'll just leave this here.
|
|||