Security Community Blog

Test your password : Strength Test

Created: 15 Apr 2011 • 3 comments
riva11's picture
+10 10 Votes

I found another good resource to check how safe or weak a password is. In the example below, I tested an easy password, "password", and The Password Checker (Strength Test - http://rumkin.com/tools/password/passchk.php) gives an estimate of how strong this password is in terms of strength, entropy and charset size.

 

  • Warnings are shown if you enter a common password.
  • Warnings are shown if your password is very short (4 or less characters) or if it is short (less than 8 characters)
  • Password strength is determined with this chart, which might be a bit of a stretch for a non-critical password:

        < 28 bits = Very Weak; might keep out family members
        28 - 35 bits = Weak; should keep out most people, often good for desktop login passwords
        36 - 59 bits = Reasonable; fairly secure passwords for network and company passwords
        60 - 127 bits = Strong; can be good for guarding financial information
        128+ bits = Very Strong; often overkill

  • The number of bits listed for entropy is an estimate based on letter pair combinations in the English language. To make the frequency tables a reasonable size, I have lumped all non-alphabetic characters together into the same group. Because of this, your entropy score will be lower than your real score when you use several symbols.
  • For determining the character set, letters are grouped into a-z, A-Z, numbers, symbols above numbers, other symbols, and other characters. If your passphrase contains a character from the subset, that subset is added to the pool, increasing the size of the character set and increasing the amount of entropy in your password.

Link: Strength Test

About password testing, read also: Test your password : How Secure Is My Password, Test your password : Microsoft password checker, Test your password : The Password Meter
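The charset-pool rule and the rating chart quoted above can be sketched as follows. This is an added example, not the checker's own code: the group sizes, the "other characters" size and the short common-password list are assumptions, and the tool's letter-pair frequency tables are not reproduced, so the bits value here is only the upper bound length × log2(charset size).

```javascript
// Added example: charset-pool estimate only (upper bound for a random password).
// Group sizes below are assumptions, not values taken from the tool.
const GROUPS = [
  { name: "a-z", size: 26, test: (c) => /[a-z]/.test(c) },
  { name: "A-Z", size: 26, test: (c) => /[A-Z]/.test(c) },
  { name: "numbers", size: 10, test: (c) => /[0-9]/.test(c) },
  { name: "symbols above numbers", size: 10, test: (c) => "!@#$%^&*()".includes(c) },
  { name: "other symbols", size: 23, test: (c) => /[ -\/:-@\[-`{-~]/.test(c) },
  { name: "other characters", size: 128, test: () => true }, // fallback, assumed size
];
const COMMON = new Set(["password", "123456", "qwerty", "letmein"]); // constructed sample list

// Each character adds its whole group to the pool once (first matching group wins).
function charsetSize(password) {
  const used = new Set();
  for (const c of password) used.add(GROUPS.find((g) => g.test(c)));
  let size = 0;
  for (const g of used) size += g.size;
  return size;
}

// Thresholds from the chart quoted in the post.
function rate(bits) {
  if (bits < 28) return "Very Weak";
  if (bits < 36) return "Weak";
  if (bits < 60) return "Reasonable";
  if (bits < 128) return "Strong";
  return "Very Strong";
}

function check(password) {
  const length = [...password].length;
  const charset = charsetSize(password);
  const bits = length === 0 ? 0 : length * Math.log2(charset);
  const warnings = [];
  if (COMMON.has(password.toLowerCase())) warnings.push("common password");
  if (length <= 4) warnings.push("very short");
  else if (length < 8) warnings.push("short");
  return { length, charset, bits, rating: rate(bits), warnings };
}

console.log(check("password"));    // charset 26, rated on pool size alone, plus a warning
console.log(check("Tr0ub4dor&3")); // constructed sample with four groups in the pool
```

On pool size alone, "password" lands in the "Reasonable" band, which is why the common-password warning and a frequency-based entropy estimate matter: the pool figure assumes every character was chosen at random.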

3 Comments

Ian_C.'s picture

Didn't know about this one, thanks.

 

I personally like this implementation: http://www.passwordmeter.com/ They show you how they evaluate the password with the different required options. Plus you can download the code.

Microsoft's implementation always felt to me lacking in substance: https://www.microsoft.com/security/pc-security/password-checker.aspx?WT.mc_id=Site_Link

This one was top of the Google search & has a good write up: http://www.hammerofgod.com/passwordcheck.aspx

Please mark the post that best solves your problem as the answer to this thread.
+1
itebyte's picture

Great test, txs!

+1
vickyj's picture

Interesting post

Thanks & regards,

Mr. Vicky D Jadhav

Tech Support Analyst – SEP (FL)

Symantec Corporation - www.symantec.

-1