Date: Tue, 8 May 2007 16:29:31 +0100
From: geni geniice@gmail.com
Subject: Re: [WikiEN-l] Feasible security idea for login? (was: Admin account cracker about to be run internally)
So far every password testing website the IRC crew tested rated Password123456 as at least moderate. -- geni
Try this checker
http://www.lugnet.com/people/members/pwsa/
It rates password123456 as weak and says why...
Appraisal: Weak (FAIL)
Weaknesses:
* Highly risky:
  o Numeric sequence 123456
  o Keyboard row sequence 123456
  o Keyboard neighbor sequence 123456
  o Ascending ASCII sequence 123456
* Mildly risky:
  o Absent of any special characters (non-alphanumeric)
  o Dictionary words: 123456, 12345, password, sword
* Slightly risky:
  o Character run ss
  o Absent of any capital letters A-Z
  o Numeric sequence 123456 (from 123456)
  o Numeric sequence 55 (from ss)
  o Dictionary words: 1234, 123, 234, 3456, asg (from 456), ass, asw, diz (from d12), dize (from d123), drow (from word), eas (from 345), easg (from 3456), ehs (from 345), ize (from 123), lze (from 123), ord, pas, pass, rdi (from rd1), rdl (from rd1), rows (from swor), saez (from 2345), shez (from 2345), ssap (from pass), ssw, swo, swor, wor, word, zea (from 234), zeh (from 234), zehs (from 2345)
Estimate of overall strength: -609%
That's not at all an acceptable rating from that checker and lugnet will not let you use password123456 as a password unless you check a box saying that you accept that it's sucky.
Todd might or might not be willing to share this code (it's not GFDL at this time)... But there ARE better password checkers out there.
Larry Pieniazek
Work mail: lpieniaz at us.ibm.com
Hobby mail: lar at miltontrainworks.com
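
A few of the checks named in the appraisal above (ascending sequences, character runs, missing character classes, dictionary words read forwards or backwards), sketched as an added example; this is not Todd's or lugnet's code, and it does not reproduce that checker's percentage score. The function names are hypothetical and the word list is constructed for the demonstration.

```python
import re

# Constructed mini word list; a real checker would load a full dictionary.
WORDS = {"password", "pass", "sword", "word", "letmein"}

def ascending_runs(pw, min_len=3):
    """Maximal runs where each character code is the previous one plus 1."""
    runs, start = [], 0
    for i in range(1, len(pw) + 1):
        if i == len(pw) or ord(pw[i]) != ord(pw[i - 1]) + 1:
            if i - start >= min_len:
                runs.append(pw[start:i])
            start = i
    return runs

def dictionary_hits(pw, words=WORDS):
    """Words present in the lowercased password, forwards or reversed."""
    low, hits = pw.lower(), set()
    for w in words:
        if w in low:
            hits.add(w)
        if w[::-1] in low:
            hits.add(w + " (reversed)")
    return sorted(hits)

def appraise(pw):
    """Return (risk, reason) pairs using the risk labels from the appraisal."""
    findings = [("highly", f"ascending sequence {r}") for r in ascending_runs(pw)]
    if not re.search(r"[^A-Za-z0-9]", pw):
        findings.append(("mildly", "no special characters"))
    findings += [("mildly", f"dictionary word {h}") for h in dictionary_hits(pw)]
    findings += [("slightly", f"character run {m.group(0)}")
                 for m in re.finditer(r"(.)\1+", pw)]
    if not re.search(r"[A-Z]", pw):
        findings.append(("slightly", "no capital letters"))
    return findings

if __name__ == "__main__":
    for risk, reason in appraise("password123456"):
        print(f"{risk:9} {reason}")
```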