<![CDATA[Password strength]]>

<![CDATA[Password strength]]> http://brainstorm.ubuntu.com/item/5682/
I originally thought that this would be good for the users login password. However, possibly this could be implemented for all passwords system wide.

[355 votes] Solution #1: Auto-generated solution of idea #5682

]]> en-us Tue, 25 Mar 2008 12:38:34 +0000 Fri, 23 Oct 2009 08:13:14 +0000 QAPoll module http://brainstorm.ubuntu.com/idea/5682/ Comment from Auzy ]]> Tue, 25 Mar 2008 13:13:05 +0000 Comment from Eldmannen Tue, 25 Mar 2008 19:25:24 +0000 Comment from spyyder Tue, 25 Mar 2008 19:31:15 +0000 Comment from Eldmannen Indeed.

It could automatically be applied for all software that use a "password field", or as an optional feature to be called.]]> Tue, 25 Mar 2008 21:58:53 +0000 Comment from fordplay
1 point for password 6 or more characters
2 points for passwords 8 or more characters
2 points for passwords that contain letters and numbers
1 point for containing a capital letter
2 points for more than 1 capital letter
-1 point for repeatition of characters, more than twice.
-2 points for password containing words in available wordlists.
-2 point for begining a popular password, stored in a new popular passwords wordlist.

Results:-
qwerty1234 = -2, 2 points for containing letters and number and -2 for qwerty being in an easy to guess password list and -2 for 1234 being in an easy to guess password list.

BBslwys90 = 6, 2 points for being more than 8 characters, 2 points for containing numbers and letter, 2 points for containing 2 uppercase letters.

]]> Thu, 26 Jun 2008 09:58:47 +0000 Comment from sandoz Your system unfortunately discriminates against other methods of password picking. E.g. the Diceware-method. (see http://en.wikipedia.org/wiki/Diceware )

The advantage of the Diceware-method is that you can calculate the strength of the password and that it's using a strongly randomized password picking procedure. For usability reasons it operates with dictionary words, resulting in long, but easy to remember passwords/passphrases.

With you system, those strong passphrases would be voted negative, for each word found in the wordlists.

So you should add a rule which increases the points with increased length of the password (above 8 characters) to compensate that.

And you should modify your rule, that it is used only for the first two/three words found.

Just my two cents.
]]> Mon, 30 Jun 2008 08:41:14 +0000 Comment from fordplay
Good point. My system certainly needs abit of work. However, I feel that something similar would be good enough to remind users that '1234' or 'password' is not a good password.

Some further read on password strengh.
Leaked password analysis.
http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html

Ajax version of something similar
http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/
]]> Tue, 01 Jul 2008 11:17:06 +0000 Comment from yzarc Wed, 06 Aug 2008 12:25:22 +0000