Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Password Strength Checker


  • Please log in to reply
34 replies to this topic

#1 rowal5555

rowal5555

    Just enough info to be armed & dangerous...


  • Members
  • 2,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:12:46 AM

Posted 29 July 2011 - 11:16 PM

Gives an indication of how long it will take to crack your password, and how much you can increase the strength by adding one or more stray characters.

http://www.howsecureismypassword.net/

rowal5555 (Rob )                                                             

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure


 


BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:46 AM

Posted 30 July 2011 - 08:34 PM

Interesting.
Tried a password like I usually use (11 character):

It would take

About 11 thousand years

for a desktop PC to crack your password


I can live with that. :)
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Keith1

Keith1

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamilton, Ohio
  • Local time:06:46 AM

Posted 31 July 2011 - 10:06 AM

Very neat - I see that I need to change a couple of my passwords!

I have a question. I sent the link to a friend, but he is very leary of typing in an actual password, which is surely understandable. I can see where a "similar" password would be safer to try. After reading through the FAQ in the link, it does sound "safe" to try a real password, but I'm just not really sure about this.


What are your thoughts/recommendations on this please?

Thanks, Keith

#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:46 AM

Posted 31 July 2011 - 01:52 PM

Give your friend a cookie for being so security conscious! I found nothing nefarious on the page but it's still smart to not hand out your passwords. A similarly constructed password should give the same answers, though: if his password were "bob123" for example, he could test "sue432" and get the same result (in this case, 8 seconds.)

A really good password tool which I use is SuperGenPass. It never stores your generated passwords but yet allows you to uses long and pseudo-random passwords without having to remember them.

It does this by taking the site's domain name (e.g. bleepingcomputer.com) and combining it with a master password that you select. This is then run through the MD5 hashing algorithm to produce a password up to 24 characters long. Additionally, every website will get its own unique password. The only shortcoming in my opinion is that it doesn't have a way to include special characters.

For example, on howsecureismypassword.net using the master password reallysecure gives skgBd8msOf7KAfJOUj9NDQAA as the password for that site:

It would take

About an octillion years

for a desktop PC to crack your password

And as long as I remember that my master password is "reallysecure" I can come back to that website and have my password only a click away.




PS.
1 Octillion is: 1,000,000,000,000,000,000,000,000,000

Edited by Andrew, 31 July 2011 - 01:55 PM.


#5 Keith1

Keith1

  • Members
  • 504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamilton, Ohio
  • Local time:06:46 AM

Posted 31 July 2011 - 02:59 PM

Thank you for the reply and link Andrew. I'll surely use that site to set my passwords from now on. One thing that really shocked me - I thought I had a strong password for my online banking, but the checker showed it to be "crackable" in just 5 minutes!!!!!!!

I WILL be passing this information on.

Keith

#6 JosiahK

JosiahK

  • Members
  • 269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:46 PM

Posted 02 August 2011 - 09:56 AM

I have a question. I sent the link to a friend, but he is very leary of typing in an actual password, which is surely understandable. I can see where a "similar" password would be safer to try. After reading through the FAQ in the link, it does sound "safe" to try a real password, but I'm just not really sure about this.


Apparently this site does everything with Javascript on your machine, and doesn't send anything back to the main server.
The code is certainly there to do what it says it does. It also doesn't ask for any personal information such as an email address, so even if it were snatching back all the combinations you try they couldn't use that to break into anything. The one problem with the system is the assumption that the hacker is using a brute force. For example it tells me that a password "JosiahKIs#1" would take 53 thousand years to break. However since that name is published online and is based on my real name, I doubt it would take anywhere near that long.
Quod non mortiferum, fortiorem me facit.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.

#7 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:46 AM

Posted 05 August 2011 - 11:51 AM

My password will take about 800 trillion ska-skabillion years to crack. I'll give a hint...It's the name of a fish. :P

#8 killerx525

killerx525

    Bleepin' Aussie


  • Members
  • 7,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:10:46 PM

Posted 06 August 2011 - 12:01 AM

Holy crap, my password only takes 6 hours and my other password takes 0.4 seconds although it there are more then 8 characters :blink:

>Michael 
System1: CPU- Intel Core i7-5820K @ 4.4GHz, CPU Cooler- Noctua NH-D14, RAM- G.Skill Ripjaws 16GB Kit(4Gx4) DDR3 2133MHz, SSD/HDD- Samsung 850 EVO 250GB/Western Digital Caviar Black 1TB/Seagate Barracuada 3TB, GPU- 2x EVGA GTX980 Superclocked @1360/MHz1900MHz, Motherboard- Asus X99 Deluxe, Case- Custom Mac G5, PSU- EVGA P2-1000W, Soundcard- Realtek High Definition Audio, OS- Windows 10 Pro 64-Bit
Games: APB: Reloaded, Hours played: 3100+  System2: Late 2011 Macbook Pro 15inch   OFw63FY.png


#9 MarkGS

MarkGS

  • Members
  • 245 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:46 AM

Posted 06 August 2011 - 05:40 PM

408 thousand years.. not too shabby haha.

#10 shire

shire

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 23 August 2011 - 08:32 PM

for my password it says : About 423 million years :blink: not so bad,haha,thanks for sharing :thumbsup:

#11 Free Safety

Free Safety

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 28 August 2011 - 07:01 PM

600 years ...not so great but meh it'll do

#12 rowal5555

rowal5555

    Just enough info to be armed & dangerous...

  • Topic Starter

  • Members
  • 2,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:12:46 AM

Posted 29 August 2011 - 12:06 AM

The way I understand it, brute force hacking involves about 100 attempts/second. Banks and ATMs usually only allow 3-5 attempts before blocking for a few minutes or even permanently. This would increase the time astronomically.

rowal5555 (Rob )                                                             

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure


 


#13 JosiahK

JosiahK

  • Members
  • 269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:46 PM

Posted 29 August 2011 - 02:34 AM

It does depend on how fast you can check passwords. Even a badly written site that doesn't block on 3-5 guesses would take a lot longer to receive and check each attempt than trying to crack a password on a local machine.

Of course no 8 quieaxadzillion years is useful if someone sees you accidentally type the password in the username field.
Quod non mortiferum, fortiorem me facit.
I don't read minds. Please help everyone by answering any questions and reporting on the results of any instructions. Query any concerns and explain problems or complications.

#14 Rodax

Rodax

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mebane, NC
  • Local time:07:46 AM

Posted 29 August 2011 - 05:24 AM

4 Days... Hm... I either never need to piss off a hacker, or change my password. I think I'll do both :busy:
Mihi placet crustum. Because pie is so important and spiritually enlightening, that it must only be spoke of in Latin.

#15 TheUltimatum7

TheUltimatum7

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 AM

Posted 30 August 2011 - 09:17 PM

4 Days... Hm... I either never need to piss off a hacker, or change my password. I think I'll do both :busy:


Lmao ^ good idea..

Wow, I thought my passwords were secure, guess I was wrong. Only takes a few days to hack them apparently :o




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users