Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Password Strength Checker

Started by rowal5555 , Jul 29 2011 11:16 PM

Next

Please log in to reply

34 replies to this topic

#1 rowal5555

Just enough info to be armed & dangerous...

Members
2,644 posts

Gender:Male
Location:St Kilda, Dunedin. South Island. NZ

Posted 29 July 2011 - 11:16 PM

Gives an indication of how long it will take to crack your password, and how much you can increase the strength by adding one or more stray characters.

http://www.howsecureismypassword.net/

rowal5555 (Rob )

Avid supporter of Bleeping Computer's
Team 38444
You can help find a cure

Back to top

BC Ads
BleepingComputer.com

#2 tg1911

Lord Spam Magnet

Site Admin
19,247 posts

Gender:Male
Location:SW Louisiana

Posted 30 July 2011 - 08:34 PM

Interesting.
Tried a password like I usually use (11 character):

It would take

About 11 thousand years

for a desktop PC to crack your password

I can live with that.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

Back to top

#3 Keith1

Senior Member

Members
481 posts

Gender:Male
Location:Hamilton, Ohio

Posted 31 July 2011 - 10:06 AM

Very neat - I see that I need to change a couple of my passwords!

I have a question. I sent the link to a friend, but he is very leary of typing in an actual password, which is surely understandable. I can see where a "similar" password would be safer to try. After reading through the FAQ in the link, it does sound "safe" to try a real password, but I'm just not really sure about this.

What are your thoughts/recommendations on this please?

Thanks, Keith

Back to top

#4 Andrew

Bleepin' Night Watchman

Moderator
8,004 posts

Gender:Not Telling
Location:Right behind you

Posted 31 July 2011 - 01:52 PM

Give your friend a cookie for being so security conscious! I found nothing nefarious on the page but it's still smart to not hand out your passwords. A similarly constructed password should give the same answers, though: if his password were "bob123" for example, he could test "sue432" and get the same result (in this case, 8 seconds.)

A really good password tool which I use is SuperGenPass. It never stores your generated passwords but yet allows you to uses long and pseudo-random passwords without having to remember them.

It does this by taking the site's domain name (e.g. bleepingcomputer.com) and combining it with a master password that you select. This is then run through the MD5 hashing algorithm to produce a password up to 24 characters long. Additionally, every website will get its own unique password. The only shortcoming in my opinion is that it doesn't have a way to include special characters.

For example, on howsecureismypassword.net using the master password reallysecure gives skgBd8msOf7KAfJOUj9NDQAA as the password for that site:

It would take

About an octillion years

for a desktop PC to crack your password

And as long as I remember that my master password is "reallysecure" I can come back to that website and have my password only a click away.

PS.
1 Octillion is: 1,000,000,000,000,000,000,000,000,000

Edited by Andrew, 31 July 2011 - 01:55 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Boredom Software Stop Highlighting Things

Back to top

#5 Keith1

Senior Member

Members
481 posts

Gender:Male
Location:Hamilton, Ohio

Posted 31 July 2011 - 02:59 PM

Thank you for the reply and link Andrew. I'll surely use that site to set my passwords from now on. One thing that really shocked me - I thought I had a strong password for my online banking, but the checker showed it to be "crackable" in just 5 minutes!!!!!!!

I WILL be passing this information on.

Keith

Back to top

#6 JosiahK

Forum Regular

Members
267 posts

Gender:Male

Posted 02 August 2011 - 09:56 AM

I have a question. I sent the link to a friend, but he is very leary of typing in an actual password, which is surely understandable. I can see where a "similar" password would be safer to try. After reading through the FAQ in the link, it does sound "safe" to try a real password, but I'm just not really sure about this.

Apparently this site does everything with Javascript on your machine, and doesn't send anything back to the main server.
The code is certainly there to do what it says it does. It also doesn't ask for any personal information such as an email address, so even if it were snatching back all the combinations you try they couldn't use that to break into anything. The one problem with the system is the assumption that the hacker is using a brute force. For example it tells me that a password "JosiahKIs#1" would take 53 thousand years to break. However since that name is published online and is based on my real name, I doubt it would take anywhere near that long.

Quod non mortiferum, fortiorem me facit.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.

Back to top

#7 Union_Thug

Forum Addict

Members
1,623 posts

Gender:Male
Location:is everything

Posted 05 August 2011 - 11:51 AM

My password will take about 800 trillion ska-skabillion years to crack. I'll give a hint...It's the name of a fish.

Let me Google that for you!

Back to top

#8 killerx525

Bleepin' Aussie

Members
6,398 posts

Gender:Male
Location:Melbourne, Australia

Posted 06 August 2011 - 12:01 AM

Holy crap, my password only takes 6 hours and my other password takes 0.4 seconds although it there are more then 8 characters :blink:

>Michael
System: CPU- AMD Phenom II X6 1090T Black Edition Oc'ed to 3.8GHz, CPU Cooler- Noctua NH-D14, RAM- G.Skill Ripjaws X F3-12800CL9D-8GBXL 8GB Kit(4Gx2) DDR3 1600MHz, HDD- Western Digital Caviar Black 1TB, GPU- 2x Asus 6950 1GB Crossfire 850/1250MHz, Motherboard- Gigabyte 990FXA-D3, Case- Coolermaster HAF 932, PSU- Corsair TX-750 V2, Soundcard- Realtek High Definition Audio Sound, OS- Windows 8 Pro 64-Bit
Posted Image

Back to top

#9 MarkGS

Forum Regular

Members
245 posts

Gender:Male

Posted 06 August 2011 - 05:40 PM

408 thousand years.. not too shabby haha.

Back to top

#10 shire

New Member

Members
3 posts

Posted 23 August 2011 - 08:32 PM

for my password it says : About 423 million years :blink:

not so bad,haha,thanks for sharing :thumbsup:

Back to top

#11 Free Safety

Member

Members
27 posts

Posted 28 August 2011 - 07:01 PM

600 years ...not so great but meh it'll do

Back to top

#12 rowal5555

Just enough info to be armed & dangerous...

Members
2,644 posts

Gender:Male
Location:St Kilda, Dunedin. South Island. NZ

Posted 29 August 2011 - 12:06 AM

The way I understand it, brute force hacking involves about 100 attempts/second. Banks and ATMs usually only allow 3-5 attempts before blocking for a few minutes or even permanently. This would increase the time astronomically.

rowal5555 (Rob )

Avid supporter of Bleeping Computer's
Team 38444
You can help find a cure

Back to top

#13 JosiahK

Forum Regular

Members
267 posts

Gender:Male

Posted 29 August 2011 - 02:34 AM

It does depend on how fast you can check passwords. Even a badly written site that doesn't block on 3-5 guesses would take a lot longer to receive and check each attempt than trying to crack a password on a local machine.

Of course no 8 quieaxadzillion years is useful if someone sees you accidentally type the password in the username field.

Quod non mortiferum, fortiorem me facit.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.