This tool is intended to aid in the choosing of passwords… The original site that I downloaded it from is lost in the annuals of my web browsing history, but I am making this available, so that you the user have a better guide on how to create a solid password.
The passwords are not stored, or saved in any way. They only exist in your browser. The source code for this page is available for download at the bottom of the page.
What makes a strong password
To an attacker, a strong password should seem to be a random string of characters. The following criteria can help your passwords do so:
- Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.
- Many systems also support use of a space in passwords, so you can create a phrase made of many words (a “pass phrase”). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.
- Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:
- The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that has symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
- Use the entire keyboard, not just the most common characters. Symbols typed by holding down the “Shift” key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
- Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected to remain secure and effective.
Here is Sophos’s Graham Cluley explaining a simple way of creating a complex hard-to-guess password – and how you should never use the same password on different sensitive websites.
How to Avoid a Weak Password
Some common methods used to create passwords are easy to guess by criminals. To avoid weak, easy-to-guess passwords:
- Avoid sequences or repeated characters. “12345678,” “222222,” “abcdefg,” or adjacent letters on your keyboard do not help make secure passwords.
- Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try to crack your password will not be fooled by common look-alike replacements, such as to replace an ‘i’ with a ‘1’ or an ‘a’ with ‘@’ as in “M1cr0$0ft” or “[email protected]”. But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
- Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones is a bad password choice. This is one of the first things criminals will try.
- Avoid dictionary words in any language. Criminals use advanced tools that can rapidly guess passwords based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
- Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems. A good password manager may make it easier for you to use multiple passwords (eg. 1Password, etc)
[iframe http://schollnick.net/pwd_meter/index.htm 800 1400]