Jan 30, 2015

How can I objectively evaluate how strong my passwords are?

I think my passwords are pretty secure. After all, no one is going to guess 1234567... right? OK, they are a bit better than that, at least I think they are, but how can I really tell? How can I objectively tell whether my passwords are sufficiently strong or not?
Kaspersky has a password tester:

To measure your passwords objectively, first determine your objective(s).

Sufficiently strong for what?

What or whom are you protecting against and for how long? Your kid brother getting on your computer? Someone guessing your online banking credentials? Someone gaining possession of a password database and having the resources to brute force attack it endlessly?

How long does it need to stand up to an attack? No matter how good your passwords are today, will they still be good in 5 years when computing power has increased, 10 years?

A quick, easy check is length and variety of character sets used (UPPER, lower, digits, symbols). If you're using each of the available sets, then longer is stronger.

For more password enlightenment look up and read Steve Gibson's "Death of Clever". It's a pretty good report on an analysis of the stolen and cracked passwords over the last few years. The analysis shows how common it is to create passwords using keyboard tricks, thinking they are unique and clever. Turns out, they are neither!

If you have objectively determined that your password is brilliantly impossible to crack so you use that password for every situation, just remember that your password is no stronger than the security of the weakest place you've entered your password. If an online site you use is compromised and that site stored everyone's username and password in plaintext... now your super password is useless on all of the sites that you have used it.

LastPass is a great tool to use for password management: creation, measurement, storage, etc.
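An added example (not part of the original answer) of the quick length-and-character-set check, tied to the "sufficiently strong for what?" question and to the keyboard-trick warning. The guess rates, the pattern list and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

# Assumed guess rates (guesses per second) for the kinds of attacker the
# answer lists; illustrative figures, not measurements.
ATTACKER_RATES = {
    "online guessing against a login form": 10,
    "stolen database, slow salted hash": 1e4,
    "stolen database, fast unsalted hash": 1e10,
}
# Constructed sample of keyboard tricks; real cracking wordlists are far larger.
KEYBOARD_PATTERNS = ("1234567", "qwerty", "asdfgh", "zxcvbn", "1qaz2wsx", "qazwsx")
CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)

def alphabet_size(password):
    """Total size of the character sets (UPPER, lower, digits, symbols) in use."""
    return sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))

def brute_force_bits(password):
    """Upper bound on strength: log2(alphabet_size ** length)."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def has_keyboard_pattern(password):
    """True when a known keyboard trick appears anywhere in the password."""
    lowered = password.lower()
    return any(pattern in lowered for pattern in KEYBOARD_PATTERNS)

def years_to_exhaust(password, guesses_per_second):
    """Years needed to try every candidate of this length and alphabet."""
    seconds = 2 ** brute_force_bits(password) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def report(password):
    lines = [f"{len(password)} chars, alphabet of {alphabet_size(password)}, "
             f"at most {brute_force_bits(password):.1f} bits"]
    if has_keyboard_pattern(password):
        # Pattern-based passwords are tried first, so the bound does not apply.
        lines.append("  keyboard pattern found: the estimate above is far too optimistic")
    for attacker, rate in ATTACKER_RATES.items():
        lines.append(f"  {attacker}: {years_to_exhaust(password, rate):.3g} years")
    return lines

if __name__ == "__main__":
    for sample in ("1234567", "1qaz2wsx!QAZ", "Blue!Harbor42x"):  # constructed
        print(sample, *report(sample), sep="\n")
```

The figures are an upper bound that only holds for randomly chosen passwords, and they say nothing about reuse across sites.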
