Secure Passwords

pigoo3

There are a lot of "password strength checker" websites out there:

* Most of these websites have a statement on them that says they don't track anything.
* On this particular website you're not hitting the "Enter" key at any point (you get the password strength info as you type). Without needing to hit the "Enter" key you're not submitting any info that can be tracked.
* The last thing to remember...these websites have no idea what you're going to use the passwords for (what accounts you may use them with). There's also the possibility you won't use any of them.

HTH,

Nick
 

Raz0rEdge

Just because you don't have to hit enter doesn't mean that the data isn't going back to the server, but I did check this website in question and it is indeed doing the analysis purely on the client side.

On the other hand, I would say that most password managers generate secure passwords when given the right options. So this site is more of a fun toy. 😃
 

pigoo3

I used a bunch of these websites over time...and each uses a different algorithm to determine the time it might take a fast computer to break a password (thus you might get different results on different sites).

These sites are a nice guide/tool to let folks know how weak some passwords can be (short passwords with repeating values)...versus longer passwords with capitals, numbers & letters, ampersands, etc.

Again...these sites have no idea where you're going to be using any password you may test. I wouldn't feel "compromised" using one of these sites to test out potential passwords. :)

Nick
 

Rod


There are three types of passwords in my opinion:

Unmemorable Passwords for web sites and online subscriptions. A good strong password of 20+ characters comprising upper and lower case letters, numbers and symbols such as those created by password managers.

Memorable Passwords such as the PIN for your phone/watch or credit/debit cards. These are usually limited to 6-8 digits and often only allow numerals. In this case patterns are easy ways to remember a number sequence. Picture a standard numeric keyboard, top line, left to right is 1,2,3 second line right to left is 6,5,4 so a numeric PIN can be 1,2,3,6,5,4 represented by a continuous line from 1 to 4. All sorts of patterns can be memorised, all much easier than random numbers. I use 3,6,9,5,1,2 for example. Trace it out on a keyboard you will see why.

Then there are master passwords and login passwords for computers, Apple ID and of course, your password manager itself. Obviously you must remember these passwords. Here I find sentences to be the best.
A sentence can be quite long, comprise upper and lower case letters, numbers and symbols but are easily remembered.
eg, "My2Shoes=1Pair", that's 14 characters right there (or 16 if you include the parentheses ;)) and more than adequate for say, a computer login. I'm sure you can make up a lot more like My2ndCarWasRedButMy1stWasGreen you get the idea.

According to your website the first example above;

Screen Shot 2021-07-01 at 1.39.42 pm.png

Obviously you can't have too many such passwords or they become too difficult to remember but I use one for my computer, one for my Apple ID, one for my Microsoft ID and one for my Google account.
This makes for quick verification for email accounts, App Store purchases and other account verifications on mobile devices.
Of course they are all in my password manager, and should I suffer amnesia I can access that with my thumbprint.
 

pigoo3

Here I find sentences to be the best.
A sentence can be quite long, comprise upper and lower case letters, numbers and symbols but are easily remembered.
eg, "My2Shoes=1Pair", that's 14 characters right there (or 16 if you include the parentheses ;)) and more than adequate for say, a computer login. I'm sure you can make up a lot more like My2ndCarWasRedButMy1stWasGreen you get the idea.

Exactly Rod. This is supposed to be one of the better methods for passwords called a "passphrase"...easier to remember too. Experts also say the longer the password the better...with some experts saying a minimum of 15 characters is the way to go. :)

Nick
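Added example (not from any poster in this thread, and not the code of the website under discussion): two simplified scoring models run on the same inputs, to show why checkers that use different algorithms disagree on repeated or sequential passwords yet agree on a passphrase like Rod's. The guess rate and the "1 bit per predictable character" rule are assumptions chosen for illustration.

```javascript
// Assumed attacker speed: offline guessing against a fast hash (illustrative only).
const GUESSES_PER_SECOND = 1e10;

// Character pool implied by the classes that appear in the password.
function poolSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/[0-9]/.test(pw)) n += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) n += 33; // printable ASCII symbols, space included
  return n;
}

// Model A: treat every character as an independent random draw from the pool.
function naiveBits(pw) {
  return pw.length * Math.log2(poolSize(pw) || 1);
}

// Model B: a character that repeats its neighbour or continues a run
// (code point +1 or -1) is scored at 1 bit instead of a full random draw.
function patternAwareBits(pw) {
  const perChar = Math.log2(poolSize(pw) || 1);
  let bits = 0;
  for (let i = 0; i < pw.length; i++) {
    const step = i > 0 ? pw.charCodeAt(i) - pw.charCodeAt(i - 1) : NaN;
    const predictable = step === 0 || step === 1 || step === -1;
    bits += predictable ? 1 : perChar;
  }
  return bits;
}

// Average time to find the password: half the search space at the assumed rate.
function secondsToCrack(bits) {
  return Math.pow(2, bits - 1) / GUESSES_PER_SECOND;
}

// Side-by-side report for one password.
function compare(pw) {
  const a = naiveBits(pw), b = patternAwareBits(pw);
  return { naiveBits: a, patternAwareBits: b,
           naiveSeconds: secondsToCrack(a), patternAwareSeconds: secondsToCrack(b) };
}

// Constructed samples, plus the passphrase quoted in the thread.
for (const pw of ["aaaaaaaa", "12345678", "My2Shoes=1Pair"]) {
  const r = compare(pw);
  console.log(pw, r.naiveBits.toFixed(1), r.patternAwareBits.toFixed(1));
}
```

The two models give very different scores for "aaaaaaaa" and "12345678" but the same score for the passphrase, which contains no repeats or runs.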
 

Raz0rEdge

Just gonna leave this here..

password_strength.png



The current NIST guidelines on passwords actually run counter to how a lot of us think. They suggest not having password guidelines like minimum 8 characters, uppercase, lowercase, number, symbol and have to change that every 90 days and so on. This leads to password fatigue and people tend to compromise on the password security due to the need to change. Rather, they recommend a password that is complex enough but easy to remember that stays intact until an actual need arises to change it.
 
Joined
Jan 1, 2009
Messages
15,513
Reaction score
3,876
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
There is a website and a process called "What 3 Words" that has divided the globe into 3 meter squares and given each square a three word name. For example, "scared.locals.expect" is third base in Yankee Stadium in NYC. A good, reproducible but obscure, password would be the what3words for someplace in your locale, history or just memorable to you. Doesn't have to be close to you, just something you can narrow down to that meter square. Now add the fourth word for WHY and you have a four word password. With symbols. So, "scared.locals.expect.shutout" would be a password that would work for a Yankee fan who attended a shutout game at the stadium. It could be even more obscure if the password started with the what3words for the seat in which the fan sat. Way too much information to create the passphrase that a hacker would not know. The simplest way to talk about location is the website.
 
