Filed under: Internet, Security, Microsoft
Microsoft Password Checker: 1234 is not a secure password, who knew?
If you want to avoid being yet another bad movie statistic, you might want to check out Microsoft's Password Checker web site before choosing your next password. As you type characters into the box, Microsoft will let you know just what a bad idea your chosen combination of characters is.
The secret isn't just to choose a long stream of characters. You also want to mix up numbers, letters, and other characters. In fact, we found that you could type in 52 numbers and still get a weak score. Microsoft recommends using at least 8 characters, and preferably 14 or more, with a good mix of letters, numbers and symbols.
[via Web Worker Daily]
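The length-plus-character-mix rule above, and the ratings readers report in the comments below, can be reproduced with a short composition scorer. This is an added example, not Microsoft's code: the thresholds, the small denylist, the sample inputs and all function names are assumptions chosen to match the behaviour described on this page, and the second half shows checks that composition scoring cannot make.

```javascript
// Composition-only scoring, reconstructed from the ratings reported on this
// page (hypothetical thresholds; not Microsoft's actual algorithm).
function compositionRating(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
  if (pw.length >= 14 && classes === 4) return "best";
  if (pw.length >= 8 && classes >= 3) return "strong";
  if (pw.length >= 8 && classes >= 2) return "medium";
  return "weak";
}

// Constructed denylist; a real deployment would load a large breached-password list.
const COMMON = new Set(["password", "letmein", "qwerty", "1234"]);

// True when every character is exactly one code point above the previous one.
function isSequence(pw) {
  if (pw.length < 4) return false;
  for (let i = 1; i < pw.length; i++) {
    if (pw.charCodeAt(i) - pw.charCodeAt(i - 1) !== 1) return false;
  }
  return true;
}

// Guessability checks that ignore character classes entirely.
// `personal` holds tokens tied to the account owner (name, user ID, ...).
function guessabilityFlags(pw, personal = []) {
  const lower = pw.toLowerCase();
  const flags = [];
  if (COMMON.has(lower)) flags.push("common");
  if (isSequence(pw)) flags.push("sequence");
  if (/^(.)\1+$/.test(pw)) flags.push("repeated-char");
  if (personal.some((t) => lower.includes(t.toLowerCase()))) flags.push("personal-info");
  return flags;
}

function review(pw, personal = []) {
  return { rating: compositionRating(pw), flags: guessabilityFlags(pw, personal) };
}

// Constructed sample inputs, including a made-up name and ID number.
const samples = ["1234", "Password", "abcdefghijklmnopqrstuvwxyz",
  "7".repeat(52), "Jane Doe 000-00-0000"];
for (const pw of samples) {
  console.log(JSON.stringify(pw), review(pw, ["Jane", "Doe"]));
}
```

A password should be rejected when any flag is raised, whatever its composition rating says.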


Reader Comments (Page 1 of 1)
alienvenom said 8:54AM on 3-11-2008
Yeah, it's flawed. "Password" (note the capital P) is rated medium. Yet a password of "abcdefghijklmnopqrstuvwxyz" is rated low.
keeves said 8:49AM on 3-11-2008
Your example of abcdefghijklmnopqrstuvwxyz should definitely be rated low, as it is probably quite common!
Ethan said 8:51AM on 3-11-2008
More notably askjdbaksjdbaskdggmncxvdjf is a weak password.
Koan said 8:54AM on 3-11-2008
That's because if your password was to be brute forced, many brute forcing programs start with a lower case alphabet. Many people don't use uppercase letters in their passwords so a standard lowercase attack works all too often.
However, "abcdefghijklmnopqrstuvwxyz" would take a long time to brute force.
Paul R said 8:51AM on 3-11-2008
I only did a quick check of the code but it appears to send the password to MS' server over http instead of https. I guess if you get a good score you could have considered it a safe password prior to sending it through 20 servers on the internet in cleartext.
alienvenom said 8:52AM on 3-11-2008
Dude, that's awesome.
Kai said 8:58AM on 3-11-2008
Ahem... I hope you do realize that the code is written in JavaScript... that is, the code that determines whether your password is secure or not is run in the web browser, on the client. The password is never sent through the Internet, so it doesn't matter whether the page is loaded through HTTP or HTTPS.
Unless of course, the page is somehow spoofed (DNS hijacking?) with one that sends the password. So maybe HTTPS is still better (because you can verify the certificate, and check that the page is really from Microsoft). And if you desire that, just change the http:// in the link to the page above to https://
EnOne said 11:30AM on 3-11-2008
The only way to get a 'Best' rating is to use a 14+ character password using lower case, capitals, numbers and symbols.
I have difficulty with the idea of memorizing multiple passwords like this.
Steve G said 6:18PM on 3-11-2008
Then you need RoboForm. Have all the complex passwords you like and you don't have to remember them!
eSeamus said 5:47AM on 3-15-2008
More problematic is that a person's full name and social security number is considered to be the best in terms of security.