Protect your users by showing them how weak they are - Security & Cryptography
Users browsing this thread: 6 Guest(s)
|
|||
Hello *nixers,
Passwords are becoming less and less secure. One solution is to show the end user how weak his password is. http://www.geekwisdom.com/dyn/passwdmeter However, for the average user, a 8 chars password is already the limit of his/her 8bits memory can support. You can also use RSA keys, but it's not the everyday user that will use that. |
|||
|
|||
Sorry, 8 chars. I'll EDIT that right away.
|
|||
|
|||
I got a score of 34 I think, and I have caps, special chars, and it's fairly long lol.
|
|||
|
|||
Great idea!
Get people to enter their password(s) into your DB by scoring how "secure" their password(s) is/are! Then, harvest DB to populate your word list(s) BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC.
Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC. |
|||
|
|||
(27-02-2013, 06:52 PM)NeoTerra Wrote:(27-02-2013, 05:19 PM)D9u Wrote: Great idea! Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later. |
|||
|
|||
D9u is seeing conspiracies everywhere.
Use duckduckgo, you'll be safer. |
|||
|
|||
|
|||
|
|||
(27-02-2013, 11:57 PM)NeoTerra Wrote:(27-02-2013, 11:33 PM)Jayro Wrote: Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later. Well it could easily be modified to log passwords. :) |
|||
|
|||
My apologies. I didn't mean to infer that Venam was posting a link to a malicious site.
BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC.
Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC. |
|||
|
|||
Hey i scored a 39 ! What did everyone else get?
I do Byte
|
|||
|
|||
I scored 34 but with passwords that doesn't have special chars, with special chars it goes around 40.
|
|||
|
|||
44 points here.
|
|||
|
|||
i thought exact same thing... yay get free passwords, worldlist such haker wow :)
i amazed my password (not exact one, moved numbers 1 more with wrap-around exchanged - and _) length of 20 can be hit 50... but it feels 12 or something when you get used to it... |
|||
|
|||
I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length.
|
|||
|
|||
"correct horse battery staple"
19 points: weak |
|||
|
|||
I wrote an article in Linux Journal about using two-factor authentication in Linux. Its a good article (iidssms) http://www.linuxjournal.com/article/8338 it still applies, from what I know.
|
|||
|
|||
so tell me,
did anyone view the source to make sure they're not logging passwords as you test them? they dont appear to be (http://www.geekwisdom.com/js/passwordmeter.js) but i'm just curious if anyone even bothered to look before typing. this could have been an awesome bait and switch idea! |
|||
|
|||
There are a lot of password tester online. I never test my own password in them, just in case... As I read once regarded this kind of thread :
Somebody on the internet Wrote:So you want me to send my password to some random website, to see how good I am at security ? |
|||
|
|||
^ That's why:
Quote:I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length. |
|||
|
|||
haystack password theory, ftw!
the basic crux of it comes down to one of entropy. SO, is the password "P@ssw0rd" better or worse than ".....password....."? The later is *exponentially* stronger, yet infinitely easier to remember. Check out GRC's write-up on "haystacks" at https://www.grc.com/haystack.htm |
|||
|
|||
Related to "P@ssw0rd" I'll just leave this here.
|
|||