Jump to content

How Strong is Your Password?

20 posts in this topic

Recommended Posts

Are you hackable or uncrackable?





The weakness of our passwords is an old problem, and especially widely underestimated. Between bad practices and improvement of cracking technics, 2013 may be particularly devastating in terms of intrusion and hacking. An example of a password often used:

  • 4.7% of users have "password" as a password
  • 8.5% of users have "password" or "123456" as a password
  • 9.8% of users have "password", "123456" or "12345678" as a password

According to the Deloitte Annual Report (TMT Predictions 2013), in 2013, 90% of passwords will be vulnerable. Given the using duration of a password (often several years), and the growing potential cracking solutions, it be better to choose a secure and sustainable password. To do this, it must be:

  • Long (at least 15 characters)
  • Complex (lowercase, uppercase, numbers, special characters)
  • Unable to find such in a dictionary (French, English, proper names, encyclopedia, logical sequences, etc.).
  • Easy to remember, but only you
  • Difficult deductible by a third
  • secret

And you? You still think your password protects access to your account (email, social network, etc.)?

To find out, here is an Intel passwords tester (among many others that can be found on the net):


Test your password



original topic

  • Like 3
Link to comment
Share on other sites

A simple guide to strong password protection for those, who do not want to (or for some reason incapable of) remember all the different kinds of passwords.


1. Use password manager that,

1.0 saves password information (login, password, webpage / application) and encrypts this data with master password.

1.1is available on all your devices (e.g. OSX, Windows, iPhone...)

1.2 allows for easy synchronisation over devices, while being still encrypted with master password.

1.3 provides random password generator

2. Choose master password to be long, hard to guess, but easy to remember, for example a whole sentence "th1s IS my m4ster p@ssword sentence, yay!" (use punctuation, numbers, small/large characters, imagination :) )

2.1 NEVER, EVER use master password anywhere in the world

3. generate arbitrary long passwords with full set of different characters with your manager software each time new for each new login/registration/website etc. and save them with this manager. You'd ask why? Simple, websites are sometimes compromised and password data is stolen, see the latest news on Ubisoft for example. If you use same password everywhere... you got the idea.

3.1 NEVER, EVER use any online password generator. You don't know who's eavesdropping, even if the website admin is honourable enough not to save those generated passwords. That's why "1.3"


Even if such software will cost you $$, it is still worth it. I deliberately am not providing links so this does not look like advertising. There are several option available.


A little edit to support password management:


It would take about 4.427207280849075e+54 years to crack your password.
Poor online checker...  :D
  • Like 3
Link to comment
Share on other sites

There are free off-line computer based strong password generators available that employ your web browser Javascript functionality.......for example: http://www.kurtm.net/wpa-pskgen/

  • Like 1
Link to comment
Share on other sites

Have fun.



It would take about 2220152504 years to crack your password.
I'll give a hint. I have supported this company on technical issues, it has an ! in it, and the phone number of my grandmother in some country.
But this was my old password, the new one includes my social security number and what not. ;)
5979516190480 years
Link to comment
Share on other sites

There are free off-line computer based strong password generators available that employ your web browser Javascript functionality.......for example: http://www.kurtm.net/wpa-pskgen/


I changed mine with Maximum WPA Security (63 Characters)


It would take about 2.850706367461684e+73 years to crack your password.

you can use this password meter to measure your password strength    ;)

  • Like 1
Link to comment
Share on other sites

Yes, but I would never remember a random password, while I easily remember a pass phrase which makes sense only to me and to nobody else.


I use such a Javascript random password generator in two ways:


1) Use its Maximum WPA Security (63 Characters) setting to generate a WPA2 password for my WiFi modem/routers that I do not need to continually remember.....


2) Use its Custom function to generate memorable groups of random characters that I manually combine in a longer sequence that I will remember......


This is because the memorable pass phrases that I make up all on my own may not be random enough, as I could be drawing on events and/or dates in my life that other people are also fully aware of (even if I think they are not) and/or using character groups that may be close enough to some "word" in some "language" dictionary, e.g. a Klingon word :lol: etc. for a stochastic / sequential word search approach to crack.......

Link to comment
Share on other sites

Well I used AppleScript to generate my own password


set pwLength to 10 as integer
set res to ""
repeat pwLength times
    set res to res & some item of "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ0123456789"
end repeat
set the clipboard to res
return res
display dialog res



  • Like 1
Link to comment
Share on other sites

with 'TonyMacX86' as a password, I have this:

It would take about 3 weeks to crack your password.


with 'InsaNelyMac', I have this:


It would take about 12 years to crack your password.
we are good!!! we are good!!!
  • Like 1
Link to comment
Share on other sites

That's how. They check it with javascript, calculate entropy (at least how it is called here in the script):

From scripts point of view,

"entropy" of

"InsaNelyMac" is 26^8 * 26^3, whilst

"TonyMacX86" is 26^5 * 26^3 * 10^2 = 26^8 * 10^2





Oh snap, forum auto-censorer censored some profanity words in "top passwords" parameter   :hysterical:



I've removed the "top password" list as forum was not reacting to it kindlly.

You can see it here.

String.prototype.hackability = function() {
 var toppasswords = /long long long long long list of passwords i have erased/g;

 var str = this.replace(toppasswords, "a");  

  function char_count(regex) {
    var matches = str.match(regex);
    return matches ? matches.length : 0;
  function time_to_words(seconds, translation) {
    translation = translation || 'en';
    var translations = {
      en : {
        second : "%d second",
        minute : "%d minute",
        hour : "%d hour",
        day : "%d day",
        week : "%d week",
        month : "%d month",
        year : "%d year",
        seconds : "%d seconds",
        minutes : "%d minutes",
        hours : "%d hours",
        days : "%d days",
        weeks : "%d weeks",
        months : "%d months",
        years : "%d years"
    var strings = translations[translation];
    function sub(unit, number) {
		console.log(unit, number);
      if (number == 1) { 
        return strings[unit].replace(/%d/i, number);
      } else {
        return strings[unit + 's'].replace(/%d/i, number);
    var minutes = (seconds / 60);
    var hours = Math.floor(minutes / 60);
    var days = Math.floor(hours / 24);
    var weeks = Math.floor(days / 7);
    var months = Math.floor(days / 30);
    var years = Math.floor(days / 365);
    var words = seconds < 60 && sub('second', seconds) ||
    minutes < 60 && sub('minute', minutes) ||
    hours < 24 && sub('hour', hours) ||
    days < 7 && sub('day', days) || 
    days < 30 && sub('week', weeks) ||
    months < 12 && sub('month', months) ||
    sub('year', years);
    return "about " + words;

  // num of lowercase (entropy = 26)
  var lowercase_chars = char_count(/[a-z]/g);
  // num of uppercase (entropy = 26)
  var uppercase_chars = char_count(/[A-Z]/g);
  // num of digits (entropy = 10)
  var digit_chars = char_count(/[0-9]/g);
  // num of everything else (entropy = 32)
  var special_chars = char_count(/[^a-zA-Z0-9]/g);

  var lowercase_bits = uppercase_bits = 26;
  var digit_bits = 10;
  var special_bits = 32; //potentially
  var entropy = Math.pow(lowercase_bits,lowercase_chars) * Math.pow(uppercase_bits,uppercase_chars) * Math.pow(digit_bits,digit_chars) * Math.pow(special_bits,special_chars);
  var entropy = entropy /2;
  var _std_comp_power = 2 * Math.pow(2, 33);
  var hours = entropy / _std_comp_power;
  var result = {};
  result.seconds = (Math.floor((hours) * 36000000))/10000;
  result.time_to_words = time_to_words(result.seconds);
  result.message = hours > 24*365*1000 ? "Congratulations! It would take " + result.time_to_words + " for a PC to hack your password!" : "Oh no! It would only take " + result.time_to_words + " for a PC to hack your password!"
  return result;
Link to comment
Share on other sites

  • 2 weeks later...

This is a helpful Javascript password strength checker: http://www.passwordmeter.com/

  • Like 1
Link to comment
Share on other sites


  • Create New...