Use this tool to check how strong your password is

MickZA

Executive Member
Joined
Jan 19, 2007
Messages
7,575
I was surprised to see that adding spaces between a four word pass phrase I use changed the crack time from 11 years to millions of years ...
 

cr@zydude

Honorary Master
Joined
Jul 20, 2008
Messages
10,217
[QUOTE]I was surprised to see that adding spaces between a four word pass phrase I use changed the crack time from 11 years to millions of years ...[/QUOTE]

I tried this too. Pass phrases really seem to be the way to go.
 

Chris.Geerdts

Expert Member
Joined
Nov 1, 2014
Messages
2,230
I wonder how many people type in passwords they are actually using. The server on the other side could happily scoop up all the attempts into a useful dictionary of words to attempt with.
 

CataclysmZA

Executive Member
Joined
Apr 1, 2010
Messages
5,531
Kaspersky says 5 months for one of my newer passwords, but HSIMP says two quadrillion years. Kaspersky's rating system is tuned to award complex passwords with punctuation and capital letters higher scores. I've used long, 4-6 word strings as passwords for a while for sites that have double-factor authentication or that don't transfer my password in cleartext to the server.

[QUOTE]I wonder how many people type in passwords they are actually using. The server on the other side could happily scoop up all the attempts into a useful dictionary of words to attempt with.[/QUOTE]

We don't really need to do that today; decades of storing passwords in plaintext in databases accessible online to hackers and governments have done all the work for us. We don't even need to create really powerful computers for guessing PIN codes for bank accounts, because human nature tells us how people approach choosing a PIN.

[video=youtube;MY3XWYr726I]https://www.youtube.com/watch?v=MY3XWYr726I[/video]
 

Arthur

Honorary Master
Joined
Aug 7, 2003
Messages
26,428
You want me to enter my password to see how strong it is?
Really?
And you're not harvesting the passwords for use in your sister operation that hacks?
You'll have my IP and my 'secure' password.
And it's safe with ya?
Really??

I have this bridge in New York...
 

CataclysmZA

Executive Member
Joined
Apr 1, 2010
Messages
5,531
[QUOTE]You want me to enter my password to see how strong it is?
Really?
And you're not harvesting the passwords for use in your sister operation that hacks?[/QUOTE]

Both sites seem to generate hashes of your passwords, neither one accepts it in plain text. They're analysing the strength of the hashed data, not your actual password.
 

bwana

MyBroadband
Super Moderator
Joined
Feb 23, 2005
Messages
86,555

Don't try to fix what wasn't broken.

They say not to enter your real password. If you can't follow that simple instruction you probably deserve what befalls you. ;)
 

atomcrusher

Expert Member
Joined
Jun 27, 2006
Messages
4,208
And here I thought I was being very clever & security-conscious by using #ZumaMustFall for all my passwords
 

Arthur

Honorary Master
Joined
Aug 7, 2003
Messages
26,428
I'm a little nervous that as the telco noise/pushback increases globally, Facebook will see an opportunity to monetise WhatsApp by licensing it to telcos, which we'll see in our data charges...
 
Joined
Dec 7, 2010
Messages
78,906
[QUOTE]I'm a little nervous that as the telco noise/pushback increases globally, Facebook will see an opportunity to monetise WhatsApp by licensing it to telcos, which we'll see in our data charges...[/QUOTE]

wrong thread SJW
 

ColinR

Expert Member
Joined
Aug 24, 2006
Messages
3,753
Use Developer Tools (F12) if you want to confirm. There is no network activity when entering passwords.
 

markings

Expert Member
Joined
Jan 24, 2010
Messages
2,031
The hackers pretending to be Kaspersky Lab are getting a nice collection of passwords :)

Mixed case, mixed alpha, numeric and special signs are only important for a human hacker.
Once one sets a computer up to crack a password by brute force, any character is as good as any other. The only thing which makes a difference is the length.
 

Paul_S

Executive Member
Joined
Jun 4, 2006
Messages
5,186
This tool (and most others) is a load of nonsense for the following reasons.

1. It assumes that there is no latency present during the brute force attempt.
e.g. If your password is securing a website it assumes that the network and web server response times are 0 milliseconds and that it can immediately try the next sequence. Alternatively it assumes that the web server can handle an infinite number of simultaneous threads which is not possible with any web server in the world.

2. It assumes that the system being brute forced doesn't have a password lock out policy.
Every system that I use has measures in place to prevent brute force attempts by either delaying the authentication process or locking the account out after 3 to 5 failed attempts. This stops brute force attacks in their tracks.

Kaspersky Lab just fell out of my good books with this pathetic publicity stunt.
 
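Added example, not part of any post in this thread and not the algorithm of either tool mentioned: a naive crack-time estimator showing why the figures discussed above diverge so widely, depending on whether guesses are counted per character or per word and whether the attack is offline or against a live login with latency and lockout. The sample passphrase, the 7776-word list, the guess rates and the lockout policy are all constructed assumptions.

```javascript
// Added example. Every rate and policy value below is a constructed assumption.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: / /, size: 1 },
  { re: /[^a-zA-Z0-9 ]/, size: 32 }, // treated as the 32 ASCII punctuation characters
];

// Alphabet size implied by the character classes present in the password.
function alphabetSize(pw) {
  return CLASSES.reduce((n, c) => n + (c.re.test(pw) ? c.size : 0), 0);
}

// log10 of the per-character brute-force keyspace: length * log10(alphabet).
function log10CharKeyspace(pw) {
  return pw.length * Math.log10(alphabetSize(pw));
}

// log10 of the keyspace when the attacker guesses whole words from a known list.
function log10WordKeyspace(wordCount, listSize) {
  return wordCount * Math.log10(listSize);
}

// Guesses per second against a live login: bounded by latency and lockout.
function onlineRate({ latencyMs, attemptsPerLockout, lockoutSeconds }) {
  const windowSeconds = attemptsPerLockout * (latencyMs / 1000) + lockoutSeconds;
  return attemptsPerLockout / windowSeconds;
}

// log10 of the years needed to exhaust a keyspace at a given guess rate.
function log10Years(log10Keyspace, guessesPerSecond) {
  const SECONDS_PER_YEAR = 365.25 * 24 * 3600;
  return log10Keyspace - Math.log10(guessesPerSecond) - Math.log10(SECONDS_PER_YEAR);
}

const OFFLINE_RATE = 1e10; // assumed guesses/s against a leaked fast hash
const ONLINE = onlineRate({ latencyMs: 100, attemptsPerLockout: 5, lockoutSeconds: 900 });

for (const pw of ["correcthorsebatterystaple", "correct horse battery staple"]) {
  const chars = log10CharKeyspace(pw);
  const words = log10WordKeyspace(4, 7776); // 4 words from an assumed 7776-word list
  console.log(JSON.stringify(pw), {
    charModelOfflineYears: `1e${log10Years(chars, OFFLINE_RATE).toFixed(1)}`,
    wordModelOfflineYears: `1e${log10Years(words, OFFLINE_RATE).toFixed(1)}`,
    wordModelOnlineYears: `1e${log10Years(words, ONLINE).toFixed(1)}`,
  });
}
```

In the per-character model the three spaces add almost five orders of magnitude, while the word-list model gives the same keyspace with or without them. The throttled online rate moves the same estimate by roughly twelve orders of magnitude.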