

Protect your users by showing them how weak they are - venam - 26-02-2013

Hello *nixers,
Passwords are becoming less and less secure.
One solution is to show the end user how weak his password is.
http://www.geekwisdom.com/dyn/passwdmeter
However, for the average user, an 8-char password is already the limit of what his/her 8-bit memory can support.

You can also use RSA keys, but it's not the everyday user that will use that.


RE: Protect your users by showing them how weak they are - venam - 27-02-2013

Sorry, 8 chars. I'll EDIT that right away.


RE: Protect your users by showing them how weak they are - Mafia - 27-02-2013

I got a score of 34 I think, and I have caps, special chars, and it's fairly long lol.


RE: Protect your users by showing them how weak they are - D9u - 27-02-2013

Great idea!
Get people to enter their password(s) into your DB by scoring how "secure" their password(s) is/are!

Then, harvest DB to populate your word list(s)


RE: Protect your users by showing them how weak they are - Jayro - 27-02-2013

(27-02-2013, 06:52 PM)NeoTerra Wrote:
(27-02-2013, 05:19 PM)D9u Wrote: Great idea!
Get people to enter their password(s) into your DB by scoring how "secure" their password(s) is/are!

Then, harvest DB to populate your word list(s)

It's just a text box, there isn't anything being submitted. Though it's likely possible, I doubt that venam would link a site that harvests passwords.

Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later.


RE: Protect your users by showing them how weak they are - venam - 28-02-2013

D9u is seeing conspiracies everywhere.
Use duckduckgo, you'll be safer.


RE: Protect your users by showing them how weak they are - Mafia - 28-02-2013

(28-02-2013, 03:33 AM)venam Wrote: D9u is seeing conspiracies everywhere.
Use duckduckgo, you'll be safer.

+1


RE: Protect your users by showing them how weak they are - Jayro - 28-02-2013

(27-02-2013, 11:57 PM)NeoTerra Wrote:
(27-02-2013, 11:33 PM)Jayro Wrote: Nothing needs to be submitted. It could store the password the same way it is using Ajax to turn it into a variable and run it through all of the security tests. It may not get posted to the server right away, but could probably be placed in a cookie and read later.

Looking at the script, there isn't anything there that seems suspicious xD

Well it could easily be modified to log passwords. :)


RE: Protect your users by showing them how weak they are - D9u - 28-02-2013

My apologies. I didn't mean to infer that Venam was posting a link to a malicious site.


RE: Protect your users by showing them how weak they are - FreeBSD - 01-03-2013

Hey, I scored a 39! What did everyone else get?


RE: Protect your users by showing them how weak they are - venam - 01-03-2013

I scored 34, but with passwords that don't have special chars; with special chars it goes to around 40.


RE: Protect your users by showing them how weak they are - engraze - 06-03-2013

44 points here.


RE: Protect your users by showing them how weak they are - pvtmert - 15-07-2014

I thought the exact same thing... yay get free passwords, wordlist such haker wow :)

I'm amazed my password (not the exact one; moved numbers 1 more with wrap-around, exchanged - and _) with a length of 20 can hit 50... but it feels like 12 or something when you get used to it...


RE: Protect your users by showing them how weak they are - shtols - 17-07-2014

I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length.


RE: Protect your users by showing them how weak they are - z3bra - 18-07-2014

"correct horse battery staple"

19 points: weak


RE: Protect your users by showing them how weak they are - sodaphish - 19-07-2014

I wrote an article in Linux Journal about using two-factor authentication in Linux. It's a good article (iidssms): http://www.linuxjournal.com/article/8338. It still applies, from what I know.


RE: Protect your users by showing them how weak they are - xero - 26-08-2014

so tell me,
did anyone view the source to make sure they're not logging passwords as you test them? they don't appear to be (http://www.geekwisdom.com/js/passwordmeter.js) but i'm just curious if anyone even bothered to look before typing. this could have been an awesome bait and switch idea!
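
One way to do the source check asked about above, as an added example (not code from the thread or from the linked site): a small Node.js scanner that flags lines in a script where a typed value could be stored or sent. The sink list, the function names and both sample scripts are constructed for illustration.

```javascript
// Added example: flag places in a script where a typed value could persist or leave the page.
const SINKS = [
  { name: "cookie write", re: /document\.cookie\s*=[^=]/ },
  { name: "web storage", re: /\b(?:local|session)Storage\b/ },
  { name: "XMLHttpRequest", re: /\bXMLHttpRequest\b|\bActiveXObject\b/ },
  { name: "fetch/beacon", re: /\bfetch\s*\(|\bsendBeacon\s*\(/ },
  { name: "WebSocket", re: /\bWebSocket\b/ },
  { name: "resource URL set", re: /\.(?:src|href|action)\s*=[^=]/ },
  { name: "form submit", re: /\.submit\s*\(/ },
  { name: "dynamic code", re: /\beval\s*\(|\bnew\s+Function\b/ },
];

// Blank out comments, keeping newlines so reported line numbers still match.
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, " "))
    .replace(/(^|[^:])\/\/.*$/gm, "$1");
}

// Return one finding per (line, sink) match.
function audit(src) {
  const findings = [];
  stripComments(src).split("\n").forEach((line, i) => {
    for (const s of SINKS) {
      if (s.re.test(line)) findings.push({ line: i + 1, sink: s.name, text: line.trim() });
    }
  });
  return findings;
}

// Constructed samples (not the linked site's script).
const scoringOnly = [
  "function score(pw) {",
  "  var s = pw.length * 2; // could log here with XMLHttpRequest",
  "  if (/[A-Z]/.test(pw)) s += 5;",
  "  return s;",
  "}",
].join("\n");

// Same scorer with a cookie write added, the change discussed earlier in the thread.
const modified = scoringOnly.replace(
  "  return s;",
  '  document.cookie = "last=" + escape(pw);\n  return s;'
);

console.log(audit(scoringOnly));
console.log(audit(modified));
```

An empty result only means this file has no obvious sink: other scripts the page loads, and minified or obfuscated code, still need reading, and the browser's network panel shows what is actually sent while typing.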


RE: Protect your users by showing them how weak they are - z3bra - 27-08-2014

There are a lot of password testers online. I never test my own password in them, just in case... As I once read regarding this kind of thread:

Somebody on the internet Wrote: So you want me to send my password to some random website, to see how good I am at security?



RE: Protect your users by showing them how weak they are - shtols - 27-08-2014

^ That's why:
Quote: I used a made-up password that follows my usual password-scheme closely. I scored 53, mainly because of the length.



RE: Protect your users by showing them how weak they are - sodaphish - 28-08-2014

haystack password theory, ftw!

the basic crux of it comes down to one of entropy. SO, is the password "P@ssw0rd" better or worse than ".....password....."? The latter is *exponentially* stronger, yet infinitely easier to remember. Check out GRC's write-up on "haystacks" at https://www.grc.com/haystack.htm
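
The brute-force arithmetic behind the haystack comparison, as an added example (not code from the thread or from GRC), run on the three passwords quoted in this thread. It assumes the usual character-class model (26 lower, 26 upper, 10 digits, 33 symbols); the function names and the tiny common-word list are constructed, and the last check shows what a pure brute-force count leaves out.

```javascript
// Added example: brute-force "haystack" size under a character-class model.
// Class sizes are the printable-ASCII counts (26 + 26 + 10 + 33 = 95).
const CLASSES = [
  { re: /[a-z]/, size: 26n },
  { re: /[A-Z]/, size: 26n },
  { re: /[0-9]/, size: 10n },
  { re: /[^a-zA-Z0-9]/, size: 33n }, // symbols, space included
];

// Alphabet an exhaustive search must cover for this password.
function alphabetSize(pw) {
  return CLASSES.reduce((n, c) => (c.re.test(pw) ? n + c.size : n), 0n);
}

// Candidates of length 1..len over that alphabet: sum of N^k.
function searchSpace(pw) {
  const n = alphabetSize(pw);
  let total = 0n, term = 1n;
  for (let k = 0; k < pw.length; k++) {
    term *= n;
    total += term;
  }
  return total;
}

// Size in bits: floor(log2(space)), taken from the BigInt bit length.
function bits(space) {
  return space > 0n ? space.toString(2).length - 1 : 0;
}

// What the count ignores: undo common substitutions and padding, then look the core up.
const COMMON = new Set(["password", "letmein", "qwerty"]); // constructed, tiny list
function coreIsCommon(pw) {
  const core = pw.toLowerCase()
    .replace(/@/g, "a").replace(/0/g, "o").replace(/1/g, "l").replace(/\$/g, "s")
    .replace(/^[^a-z]+|[^a-z]+$/g, "");
  return COMMON.has(core);
}

function report(pw) {
  const space = searchSpace(pw);
  return { pw, alphabet: Number(alphabetSize(pw)), bits: bits(space), commonCore: coreIsCommon(pw) };
}

for (const pw of ["P@ssw0rd", ".....password.....", "correct horse battery staple"]) {
  console.log(report(pw));
}
```

The bit counts hold only against exhaustive search; a password whose core is a common word, padded or substituted, is weaker than its count suggests once a guesser tries those transformations.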


RE: Protect your users by showing them how weak they are - shtols - 28-08-2014

Related to "P@ssw0rd" I'll just leave this here.