auslogic Sunday, 20 May 2012, 6:56PM

Password security

Local Security

If you use your computer in a shared environment then a password is a must for your Windows account. An office environment is different from a home environment, where you may simply have the system auto-logon to an account.

Online Account

A strong password is essential for internet banking and your PayPal account. With the risk of identity theft growing every day you also need to guard your email and Facebook accounts just as strongly; your email account in particular, because password resets for most other services are sent there.

Password Complexity

The best passwords are complex: they mix letters (lowercase and uppercase), numbers and special characters (such as !@#$). When a program or website asks you to create a password it will normally enforce a length rule, e.g. 5 to 8 characters, 8 to 10, etc. Choose eight characters at the very least, but 12 is better, and some programs class a password of fewer than 20 characters as weak!

It is important that you do not build passwords on dictionary words, as they are the easiest to break: a cracker tries every word in a word list (plus common variations) long before it resorts to brute force. A password made up of lowercase characters only is the weakest, because each position has only 26 possibilities; mixing cases and numbers raises that to 62 and dramatically slows a brute-force attempt, and special characters (around 95 printable characters per position) more so.

It is very bad practice to use your own name, a family member's or pet's name, a date of birth, an anniversary or your street name as part of the password.

Once you have created a new password, make sure you can commit it to memory; you must not write it down. Some people generate very difficult passwords that are unlikely ever to be broken but make them too hard for themselves to remember and record them somewhere, often on a piece of paper taped to the computer monitor.

LockDown has a useful document on how long it takes a computer, or a group of computers, to guess a password, based on its relative strength and the computational power behind the attack.

You can use the following password calculator to test the strength of an existing password or to generate a new one.

Test Your Password

Minimum Requirements
  • Minimum 8 characters in length
  • Contains 3 of the following 4 character types:
    - Uppercase Letters
    - Lowercase Letters
    - Numbers
    - Symbols
Additions

  Rule                                   Type        Rate
  Number of Characters                   Flat        +(n*4)
  Uppercase Letters                      Cond/Incr   +((len-n)*2)
  Lowercase Letters                      Cond/Incr   +((len-n)*2)
  Numbers                                Cond        +(n*4)
  Symbols                                Flat        +(n*6)
  Middle Numbers or Symbols              Flat        +(n*2)
  Requirements                           Flat        +(n*2)

Deductions

  Rule                                   Type        Rate
  Letters Only                           Flat        -n
  Numbers Only                           Flat        -n
  Repeat Characters (Case Insensitive)   Comp        -
  Consecutive Uppercase Letters          Flat        -(n*2)
  Consecutive Lowercase Letters          Flat        -(n*2)
  Consecutive Numbers                    Flat        -(n*2)
  Sequential Letters (3+)                Flat        -(n*3)
  Sequential Numbers (3+)                Flat        -(n*3)
  Sequential Symbols (3+)                Flat        -(n*3)

Legend
  • Exceptional: Exceeds minimum standards. Additional bonuses are applied.
  • Sufficient: Meets minimum standards. Additional bonuses are applied.
  • Warning: Advisory against employing bad practices. Overall score is reduced.
  • Failure: Does not meet the minimum standards. Overall score is reduced.
Quick Footnotes
Flat: Rates that add/remove in non-changing increments.
Incr: Rates that add/remove in adjusting increments.
Cond: Rates that add/remove depending on additional factors.
Comp: Rates that are too complex to summarize. See source code for details.
n: Refers to the total number of occurrences.
len: Refers to the total password length.
• Additional bonus scores are given for increased character variety.
• Final score is a cumulative result of all bonuses minus deductions.
• Final score is capped with a minimum of 0 and a maximum of 100.
• Score and Complexity ratings are not conditional on meeting minimum requirements.
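As an added worked example (not the calculator's own source code), the Python below re-implements the rule table above so the bonuses and deductions can be seen on real input. Where the page does not say enough to pin a rule down, the code makes an assumption and marks it: the condition on the "Cond" rules (class present but not the whole password), the trigger for the Requirements bonus (the page's minimums: 8+ characters and 3 of 4 types), the symbol row used for "Sequential Symbols" (shifted US keyboard digit row), and a simple stand-in for the "Comp" repeat-character rule, which the page leaves unspecified.

```python
"""Re-implementation of the page's password-meter rule table.

Added example, not the original calculator's code.  Marked assumptions:
the "Cond" conditions, the Requirements trigger, the symbol sequence row,
and the stand-in for the unspecified "Comp" repeat rule.
"""
import string

MIN_LEN = 8
UPPER, LOWER, DIGIT = set(string.ascii_uppercase), set(string.ascii_lowercase), set(string.digits)

# Rows scanned for 3+ character runs (forward or reversed).  The alphabet and
# digit rows follow the page; the symbol row is an assumption.
SEQ_ALPHA = string.ascii_lowercase
SEQ_DIGIT = "01234567890"
SEQ_SYMBOL = ")!@#$%^&*()"


def _char_class(c):
    if c in UPPER:
        return "upper"
    if c in LOWER:
        return "lower"
    if c in DIGIT:
        return "digit"
    return "symbol"


def _sequential(pwd_lower, row):
    """Count the 3-character windows of `row` (either direction) found in the password."""
    hits = 0
    for i in range(len(row) - 2):
        window = row[i:i + 3]
        if window in pwd_lower or window[::-1] in pwd_lower:
            hits += 1
    return hits


def password_score(pwd):
    """Return (score clamped to 0..100, dict of signed per-rule contributions)."""
    n = len(pwd)
    if n == 0:
        return 0, {}
    classes = [_char_class(c) for c in pwd]
    count = {k: classes.count(k) for k in ("upper", "lower", "digit", "symbol")}
    b = {}

    # --- Additions ---
    b["length"] = n * 4                                                  # Flat +(n*4)
    # Cond/Incr: only when the class appears but is not the whole password (assumption)
    b["upper"] = (n - count["upper"]) * 2 if 0 < count["upper"] < n else 0
    b["lower"] = (n - count["lower"]) * 2 if 0 < count["lower"] < n else 0
    b["digit"] = count["digit"] * 4 if 0 < count["digit"] < n else 0    # Cond +(n*4)
    b["symbol"] = count["symbol"] * 6                                    # Flat +(n*6)
    b["middle"] = 2 * sum(1 for k in classes[1:-1] if k in ("digit", "symbol"))
    # Requirements: bonus once the page's minimums are met; n counts every
    # requirement satisfied, the length rule included (assumption)
    present = sum(1 for v in count.values() if v > 0)
    reqs = int(n >= MIN_LEN) + present
    b["requirements"] = reqs * 2 if n >= MIN_LEN and present >= 3 else 0

    # --- Deductions ---
    only_letters = count["digit"] == 0 and count["symbol"] == 0 and count["upper"] + count["lower"] > 0
    b["letters_only"] = -n if only_letters else 0
    b["numbers_only"] = -n if count["digit"] == n else 0
    # "Comp" repeat rule is unspecified on the page; stand-in: one point per
    # repeated occurrence, case-insensitive (assumption)
    b["repeat"] = -(n - len(set(pwd.lower())))
    for k in ("upper", "lower", "digit"):
        runs = sum(1 for i in range(1, n) if classes[i] == k and classes[i - 1] == k)
        b["consecutive_" + k] = -runs * 2                                # Flat -(n*2)
    low = pwd.lower()
    b["seq_alpha"] = -3 * _sequential(low, SEQ_ALPHA)                    # Flat -(n*3)
    b["seq_digit"] = -3 * _sequential(low, SEQ_DIGIT)
    b["seq_symbol"] = -3 * _sequential(low, SEQ_SYMBOL)

    return max(0, min(100, sum(b.values()))), b


def meets_minimum(pwd):
    """The page's stated minimum: 8+ characters and 3 of the 4 character types."""
    present = {_char_class(c) for c in pwd}
    return len(pwd) >= MIN_LEN and len(present) >= 3


if __name__ == "__main__":
    # Constructed sample passwords, not values from the page.
    for candidate in ("", "password", "12345678", "aB3$xY7!"):
        score, breakdown = password_score(candidate)
        print(f"{candidate!r:12} score={score:3d} minimum_met={meets_minimum(candidate)}")
        for rule, value in breakdown.items():
            if value:
                print(f"    {rule:20} {value:+d}")
```

Running it shows why the table penalises habits the prose above warns against: "password" scores 9 (letters only, seven consecutive lowercase letters, one repeat), "12345678" scores 4 (numbers only, consecutive digits and six sequential-digit windows wipe out the length and middle-character bonuses), while the mixed "aB3$xY7!" reaches 92 with no deductions at all.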
DISCLAIMER

This application is designed to assess the strength of password strings. The instantaneous visual feedback gives the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits of faulty password formulation. Since no official weighting system exists, we created our own formulas to assess the overall strength of a given password. Please note that this application does not use the typical "days-to-crack" approach for strength determination; we have found that particular system to be severely lacking and unreliable for real-world scenarios. This application is neither perfect nor foolproof, and should only be used as a loose guide to improving the password creation process.