Microsoft Password Checker: 1234 is not a secure password, who knew?
If you want to avoid being yet another bad movie statistic, you might want to check out Microsoft's Password Checker web site before choosing your next password. As you type characters into the box, Microsoft will let you know just what a bad idea your chosen combination of characters is.
The secret isn't just to choose a long stream of characters. You also want to mix up numbers, letters, and other characters. In fact, we found that you could type in 52 numbers and still get a weak score. Microsoft recommends using at least 8 characters, and preferably 14 or more, with a good mix of letters, numbers and symbols.
[via Web Worker Daily]
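The weak score for 52 digits, and the ratings readers report in the comments, are all consistent with a meter that only counts character classes and length. The JavaScript below is an added example, not Microsoft's code and not part of the original post: the thresholds, the `Strong` tier, the sample denylist and the `personalTokens` parameter are assumptions, and `assess` adds the checks such a meter lacks.

```javascript
// Constructed model of a character-class strength meter. Thresholds are
// assumptions fitted to the ratings reported on this page, not Microsoft's code.
function charClasses(pw) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^a-zA-Z0-9]/]
    .filter((re) => re.test(pw)).length;
}

function classMeter(pw) {
  const n = charClasses(pw);
  if (pw.length < 8 || n < 2) return "Weak";     // one class is weak at any length
  if (n === 4 && pw.length >= 14) return "Best"; // 14+ chars, all four classes
  if (n >= 3) return "Strong";                   // assumed intermediate tier
  return "Medium";
}

// Constructed sample denylist; a real deployment would load a large
// breached-password list instead.
const COMMON = new Set(["password", "12345678", "qwertyuiop", "letmein123"]);

// True when each character follows the previous by +1, or each by -1 (abcd, 9876).
function isSequence(pw) {
  if (pw.length < 4) return false;
  const step = pw.charCodeAt(1) - pw.charCodeAt(0);
  if (Math.abs(step) !== 1) return false;
  for (let i = 2; i < pw.length; i++) {
    if (pw.charCodeAt(i) - pw.charCodeAt(i - 1) !== step) return false;
  }
  return true;
}

// Layered check: reject guessable input before consulting the class meter.
// personalTokens is a hypothetical list of strings tied to the user (name, ID numbers).
function assess(pw, personalTokens = []) {
  const lower = pw.toLowerCase();
  if (COMMON.has(lower)) return { rating: "Weak", reason: "common password" };
  if (isSequence(lower)) return { rating: "Weak", reason: "character sequence" };
  const hit = personalTokens.find(
    (t) => t.length >= 3 && lower.includes(t.toLowerCase()));
  if (hit) return { rating: "Weak", reason: "contains personal data" };
  return { rating: classMeter(pw), reason: "character classes and length" };
}
```
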
Reader Comments (Page 1 of 1)
3-11-2008 @ 8:51AM
Paul R said...
I only did a quick check of the code but it appears to send the password to MS' server over http instead of https. I guess if you get a good score you could have considered it a safe password prior to sending it through 20 servers on the internet in cleartext.
3-11-2008 @ 8:52AM
alienvenom said...
Dude, that's awesome.
3-11-2008 @ 8:58AM
Kai said...
Ahem... I hope you do realize that the code is written in JavaScript... that is, the code that determines whether your password is secure or not is run in the web browser, on the client. The password is never sent through the Internet, so it doesn't matter whether the page is loaded through HTTP or HTTPS.
Unless of course, the page is somehow spoofed (DNS hijacking?) with one that sends the password. So maybe HTTPS is still better (because you can verify the certificate, and check that the page is really from Microsoft). And if you desire that, just change the http:// in the link to the page above to https://
3-11-2008 @ 8:54AM
alienvenom said...
Yeah, it's flawed. "Password" (note the capital P) is rated medium. Yet a password of "abcdefghijklmnopqrstuvwxyz" is rated low.
3-11-2008 @ 8:49AM
keeves said...
Your example of abcdefghijklmnopqrstuvwxyz should definitely be rated low, as it is probably quite common!
3-11-2008 @ 8:51AM
Ethan said...
More notably askjdbaksjdbaskdggmncxvdjf is a weak password.
3-11-2008 @ 8:54AM
Koan said...
That's because if your password was to be brute forced, many brute forcing programs start with a lower case alphabet. Many people don't use uppercase letters in their passwords so a standard lowercase attack works all too often.
However, "abcdefghijklmnopqrstuvwxyz" would take a long time to brute force.
3-11-2008 @ 11:30AM
EnOne said...
The only way to get a 'Best' rating is to use a 14+ character password using lower case, capitals, numbers and symbols.
I have difficulty with the idea of memorizing multiple passwords like this.
3-11-2008 @ 6:18PM
Steve G said...
Then you need RoboForm. Have all the complex passwords you like and you don't have to remember them!
3-15-2008 @ 5:47AM
eSeamus said...
More problematic is that a person's full name and social security number are considered to be the best in terms of security.