I have had the opportunity recently to write a password strength testing tool. As part of my testing, I used some of my own passwords. Shockingly, against my own standards, my own passwords did not hold their own, coming in at around 35 percent. I decided to take this a step further and put a few password sites to the test. My results were all over the place. Many accepted passwords that were virtually useless; others took a bit more of a strict approach. In this article I give you an overview of some of the ones I tried.
DISCLAIMER: Aside from my own testing software, I cannot guarantee that the passwords you enter on these websites are not being stored. Also, many of the sites, my own included, transmit your password in plain text. Please do not enter any passwords to sensitive information in these forms.
My In-House Checker
This particular checker is actually from an unrelated piece of software I wrote. The interface is pretty simple: the background changes based on the strength of the password you enter. It takes your password, runs it through a series of benchmarks, and gives you a percentage strength.
- Password must be at least 8 characters in length
- Password must have at least 1 lowercase letter, 1 uppercase letter, 1 number, and 1 symbol
- Password can’t be a commonly used password
- Password can’t contain any more than 60% of any of lowercase, uppercase, numbers, or symbols
Points are awarded based on how many characters are in the password and how many characters are unique, and a higher weight is given to capitals, numbers, and symbols. Points are deducted for having duplicate characters.
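A sketch of the scoring scheme described above, as an added example rather than the code of the checker itself. The point weights, the duplicate penalty, the cap applied when a rule is broken, and the short common-password list are all assumptions, since the post gives the rules but not the values.

```python
# Constructed sample; a real checker would load a large list of leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1!"}

# Assumed weights: the post says capitals, numbers and symbols count for more
# than lowercase letters but does not give the values.
WEIGHTS = {"lowercase": 1, "uppercase": 2, "number": 2, "symbol": 3}
RULE_FAILURE_CAP = 25  # assumed ceiling for a password that breaks a rule


def char_class(ch):
    if ch.islower():
        return "lowercase"
    if ch.isupper():
        return "uppercase"
    if ch.isdigit():
        return "number"
    return "symbol"  # anything else, including spaces and punctuation


def rule_failures(password):
    """Return the rules from the list above that the password breaks."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    counts = dict.fromkeys(WEIGHTS, 0)
    for ch in password:
        counts[char_class(ch)] += 1
    for name, n in counts.items():
        if n == 0:
            failures.append(f"no {name}")
        elif n / len(password) > 0.60:
            failures.append(f"more than 60% {name}")
    if password.lower() in COMMON_PASSWORDS:
        failures.append("commonly used password")
    return failures


def strength_percent(password):
    """Score 0-100 from length, unique characters and weighted classes,
    minus a penalty for each duplicate character."""
    unique = set(password)
    duplicates = len(password) - len(unique)
    points = 2 * len(password) + 2 * len(unique)
    points += sum(WEIGHTS[char_class(ch)] for ch in unique)
    points -= 3 * duplicates
    percent = max(0, min(100, points))
    if rule_failures(password):
        percent = min(percent, RULE_FAILURE_CAP)
    return percent
```

With these assumed values, a password that satisfies every rule can still score low when it repeats characters, because the penalty is applied independently of the rule checks.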
Microsoft Password Checker
The Microsoft password checker is provided to educate users about online security. Unlike my own checker, as you type in characters it assesses your password on a scale from weak to medium to strong to best.
- to get medium must have 8 characters
- must have 14 characters to get strong
- must also have a symbol, uppercase, and a number to get best
One thing I quickly noticed about this checker is that passwords such as “password” are not disqualified based on how easy they are to guess. It also does not account for patterns or repeat characters.
How Secure is my Password
This password checker is one of the more robust ones I have found. One of the first things I like about it is that it warns you about using such software and about the risk of password storage. The background colour changes dynamically based on your password strength, which is guessed as you type.
- must not be a commonly used password
- patterns are not advised though it will allow it
- repeat characters are not advised though it will allow it
- must have letters, numbers, and symbols
One problem I do have with this checker is that some of its warnings, such as repeat characters and patterns, are not obvious, and the colour changes and crack time reflect otherwise. I do like the interface; it’s clean and simple, and it uses a top password list.
Test Your Password
This password checker also doubles as a password generator, allowing you to set a variety of options including letters, numbers, symbols, and length.
- must contain letters, numbers, symbols, and uppercase
- must be at least 8 characters long
This website provided a video demonstrating how easy a password is to crack, which does reinforce the dangers of using weak passwords.
Many of the password checkers I have tried are good, but you should never trust a machine to tell you if your password is strong enough. There are many things you can do to help improve your online security, including enabling two-step authentication and not reusing passwords. There are also many other tips available in my blog post on Online Security.