Help
Gives an indication of how long it will take to crack your password, and how much you can increase the strength by adding one or more stray characters.
http://www.howsecureismypassword.net/
Password Strength Checker Interesting
#1
- Just enough info to be armed & dangerous...
-
- Group: Members
- Posts: 2,644
- Joined: 18-March 06
- Gender:Male
- Location:St Kilda, Dunedin. South Island. NZ
Posted 29 July 2011 - 11:16 PM
Back to top
#2
- Lord Spam Magnet
-
- Group: Site Admin
- Posts: 18,574
- Joined: 06-May 04
- Gender:Male
- Location:SW Louisiana
Posted 30 July 2011 - 08:34 PM
Interesting.
Tried a password like I usually use (11 character):
I can live with that.
Tried a password like I usually use (11 character):
Quote
It would take
About 11 thousand years
for a desktop PC to crack your password
About 11 thousand years
for a desktop PC to crack your password
I can live with that.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, GPU: eVGA GeForce 9800 GTX+, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
Become a BleepingComputer fan: Facebook
Become a BleepingComputer fan: Facebook
#3
- Senior Member
-
- Group: Members
- Posts: 468
- Joined: 06-April 05
- Gender:Male
- Location:Hamilton, Ohio
Posted 31 July 2011 - 10:06 AM
Very neat - I see that I need to change a couple of my passwords!
I have a question. I sent the link to a friend, but he is very leary of typing in an actual password, which is surely understandable. I can see where a "similar" password would be safer to try. After reading through the FAQ in the link, it does sound "safe" to try a real password, but I'm just not really sure about this.
What are your thoughts/recommendations on this please?
Thanks, Keith
I have a question. I sent the link to a friend, but he is very leary of typing in an actual password, which is surely understandable. I can see where a "similar" password would be safer to try. After reading through the FAQ in the link, it does sound "safe" to try a real password, but I'm just not really sure about this.
What are your thoughts/recommendations on this please?
Thanks, Keith
#4
- Bleepin' Night Watchman
-
- Group: Moderator
- Posts: 7,425
- Joined: 05-December 05
- Gender:Not Telling
- Location:Right behind you
Posted 31 July 2011 - 01:52 PM
Give your friend a cookie for being so security conscious! I found nothing nefarious on the page but it's still smart to not hand out your passwords. A similarly constructed password should give the same answers, though: if his password were "bob123" for example, he could test "sue432" and get the same result (in this case, 8 seconds.)
A really good password tool which I use is SuperGenPass. It never stores your generated passwords but yet allows you to uses long and pseudo-random passwords without having to remember them.
It does this by taking the site's domain name (e.g. bleepingcomputer.com) and combining it with a master password that you select. This is then run through the MD5 hashing algorithm to produce a password up to 24 characters long. Additionally, every website will get its own unique password. The only shortcoming in my opinion is that it doesn't have a way to include special characters.
For example, on howsecureismypassword.net using the master password reallysecure gives skgBd8msOf7KAfJOUj9NDQAA as the password for that site:
And as long as I remember that my master password is "reallysecure" I can come back to that website and have my password only a click away.
PS.
1 Octillion is: 1,000,000,000,000,000,000,000,000,000
A really good password tool which I use is SuperGenPass. It never stores your generated passwords but yet allows you to uses long and pseudo-random passwords without having to remember them.
It does this by taking the site's domain name (e.g. bleepingcomputer.com) and combining it with a master password that you select. This is then run through the MD5 hashing algorithm to produce a password up to 24 characters long. Additionally, every website will get its own unique password. The only shortcoming in my opinion is that it doesn't have a way to include special characters.
For example, on howsecureismypassword.net using the master password reallysecure gives skgBd8msOf7KAfJOUj9NDQAA as the password for that site:
Quote
It would take
About an octillion years
for a desktop PC to crack your password
About an octillion years
for a desktop PC to crack your password
And as long as I remember that my master password is "reallysecure" I can come back to that website and have my password only a click away.
PS.
1 Octillion is: 1,000,000,000,000,000,000,000,000,000
This post has been edited by Andrew: 31 July 2011 - 01:55 PM
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Boredom Software Stop Highlighting Things
Boredom Software Stop Highlighting Things
#5
- Senior Member
-
- Group: Members
- Posts: 468
- Joined: 06-April 05
- Gender:Male
- Location:Hamilton, Ohio
Posted 31 July 2011 - 02:59 PM
Thank you for the reply and link Andrew. I'll surely use that site to set my passwords from now on. One thing that really shocked me - I thought I had a strong password for my online banking, but the checker showed it to be "crackable" in just 5 minutes!!!!!!!
I WILL be passing this information on.
Keith
I WILL be passing this information on.
Keith
#6
- Forum Regular
-
- Group: Members
- Posts: 258
- Joined: 05-August 10
- Gender:Male
Posted 02 August 2011 - 09:56 AM
Keith1, on 31 July 2011 - 10:06 AM, said:
I have a question. I sent the link to a friend, but he is very leary of typing in an actual password, which is surely understandable. I can see where a "similar" password would be safer to try. After reading through the FAQ in the link, it does sound "safe" to try a real password, but I'm just not really sure about this.
Apparently this site does everything with Javascript on your machine, and doesn't send anything back to the main server.
The code is certainly there to do what it says it does. It also doesn't ask for any personal information such as an email address, so even if it were snatching back all the combinations you try they couldn't use that to break into anything. The one problem with the system is the assumption that the hacker is using a brute force. For example it tells me that a password "JosiahKIs#1" would take 53 thousand years to break. However since that name is published online and is based on my real name, I doubt it would take anywhere near that long.
Quod non mortiferum, fortiorem me facit.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.
#7
- Bleepin' with the fishes
-
- Group: Members
- Posts: 1,311
- Joined: 30-August 09
- Gender:Male
- Location:is everything
Posted 05 August 2011 - 11:51 AM
My password will take about 800 trillion ska-skabillion years to crack. I'll give a hint...It's the name of a fish. 
#8
- Bleepin' Aussie
-
- Group: Members
- Posts: 5,431
- Joined: 27-September 09
- Gender:Male
- Location:Melbourne, Australia
Posted 06 August 2011 - 12:01 AM
Holy crap, my password only takes 6 hours and my other password takes 0.4 seconds although it there are more then 8 characters 
>Michael
System: CPU- AMD Phenom II X6 1090T Black Edition Oc'ed to 3.8GHz, CPU Cooler- Noctua NH-D14, RAM- G.Skill Ripjaws X F3-12800CL9D-8GBXL 8G Kit(4Gx2) DDR3 1600, HDD- Western Digital Caviar Black 1TB 7200 RPM 64MB Cache SATAIII, GPU- Asus EAH6950 1GB Crossfire Oc'ed 900/1310mhz, MB- Gigabyte 990FXA-D3, Case- Coolermaster HAF 932, PSU- Corsair TX-750 V2, Soundcard- Realtek High Definition Audio Sound, OS- Windows 7 Ultimate SP1 64-Bit
System: CPU- AMD Phenom II X6 1090T Black Edition Oc'ed to 3.8GHz, CPU Cooler- Noctua NH-D14, RAM- G.Skill Ripjaws X F3-12800CL9D-8GBXL 8G Kit(4Gx2) DDR3 1600, HDD- Western Digital Caviar Black 1TB 7200 RPM 64MB Cache SATAIII, GPU- Asus EAH6950 1GB Crossfire Oc'ed 900/1310mhz, MB- Gigabyte 990FXA-D3, Case- Coolermaster HAF 932, PSU- Corsair TX-750 V2, Soundcard- Realtek High Definition Audio Sound, OS- Windows 7 Ultimate SP1 64-Bit
#9
- Forum Regular
-
- Group: Members
- Posts: 245
- Joined: 22-September 10
- Gender:Male
Posted 06 August 2011 - 05:40 PM
408 thousand years.. not too shabby haha.
#10
- New Member
-
- Group: Members
- Posts: 3
- Joined: 23-August 11
Posted 23 August 2011 - 08:32 PM
for my password it says : About 423 million years not so bad,haha,thanks for sharing 
not so bad,haha,thanks for sharing
#11
- Member
-
- Group: Members
- Posts: 27
- Joined: 19-August 11
Posted 28 August 2011 - 07:01 PM
600 years ...not so great but meh it'll do
#12
- Just enough info to be armed & dangerous...
-
- Group: Members
- Posts: 2,644
- Joined: 18-March 06
- Gender:Male
- Location:St Kilda, Dunedin. South Island. NZ
Posted 29 August 2011 - 12:06 AM
The way I understand it, brute force hacking involves about 100 attempts/second. Banks and ATMs usually only allow 3-5 attempts before blocking for a few minutes or even permanently. This would increase the time astronomically.
#13
- Forum Regular
-
- Group: Members
- Posts: 258
- Joined: 05-August 10
- Gender:Male
Posted 29 August 2011 - 02:34 AM
It does depend on how fast you can check passwords. Even a badly written site that doesn't block on 3-5 guesses would take a lot longer to receive and check each attempt than trying to crack a password on a local machine.
Of course no 8 quieaxadzillion years is useful if someone sees you accidentally type the password in the username field.
Of course no 8 quieaxadzillion years is useful if someone sees you accidentally type the password in the username field.
Quod non mortiferum, fortiorem me facit.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.
#14
- New Member
-
- Group: Members
- Posts: 9
- Joined: 29-August 11
- Gender:Male
- Location:Mebane, NC
Posted 29 August 2011 - 05:24 AM
4 Days... Hm... I either never need to piss off a hacker, or change my password. I think I'll do both 
Mihi placet crustum. Because pie is so important and spiritually enlightening, that it must only be spoke of in Latin.
#15
- Member
-
- Group: Members
- Posts: 40
- Joined: 18-August 11
- Gender:Male
Posted 30 August 2011 - 09:17 PM
Rodax, on 29 August 2011 - 05:24 AM, said:
4 Days... Hm... I either never need to piss off a hacker, or change my password. I think I'll do both
Lmao ^ good idea..
Wow, I thought my passwords were secure, guess I was wrong. Only takes a few days to hack them apparently
