[ Posted on 7:35pm Aug 03 2007 by Lev ]

I spent a lot of today writing a function to determine how secure a password is. It's based on a wide variety of things ranging from the length, number of unique characters and whether or not it is common - just to name a few. I've tested it for several hours and it seems to be quite realistic.
Basically it breaks down any string into 200 points, and a password earns points based on different credentials it meets. From my experience with researching how cracking is done this seems to be a fairly accurate approach.
Aside from checking the syntax of a password, it is also checking the password against a database of the most commonly used passwords. I currently only have 3,000 give or take but hope to increase this database when I can get ahold of an even larger one. Even though this database is quite small in comparison to how large it could be, I was able to crack over 100 TT members' passwords using the database. This goes to show - many of you don't have very safe passwords. For those of you who have a password found in the common passwords database - your account could be cracked in a matter of mere seconds by someone with the will. That is not an exaggeration since I have tested this on some of my own as well.
Anyhow, whenever new members sign up or whenever you reset your password, it will now perform a live check to determine how safe it is. It is not only comparing the syntax of the password, but checking the database through an AJAX call to determine if you have made a bad decision.
The less of the colored bar (red) you see - the worse your password is. The more of the colored bar (green) you see - the safer your password is.
If you have questions about what makes a safe password feel free to ask.
We now enforce a required password strength for new members and updating your password. Passwords are ranked on a scale of 0-9 (0 being weak and 9 being strong) and your password must be at least rank 4 - you can determine this if the colored meter is at least half filled.
I've attached the source (as of now) for any curious coders.
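The scheme the post describes (points out of 200, a 0-9 rank, a minimum rank of 4 and a common-password lookup), as an added example that is not the source attached to the post. The point weights, the rank formula, the sequence penalty and the names `scorePassword`, `isSequence` and `COMMON` are assumptions, and the sample list is constructed from passwords named in the thread.

```javascript
// Added illustration. Weights, rank formula and penalty are assumptions,
// not the values used by the source attached to the post.
const MAX_POINTS = 200; // the post's point scale
const MIN_RANK = 4;     // the post's enforced minimum on the 0-9 scale

// Constructed stand-in for the common-password database (entries named in the thread).
const COMMON = new Set(["patrick", "jason", "linda", "abc123", "secret", "god", "jesus"]);

// True for runs such as "aaaaaa", "abcdef" or "654321".
function isSequence(chars) {
  if (chars.length < 3) return false;
  const step = chars[1].codePointAt(0) - chars[0].codePointAt(0);
  if (Math.abs(step) > 1) return false;
  return chars.every((c, i) =>
    i === 0 || c.codePointAt(0) - chars[i - 1].codePointAt(0) === step);
}

function scorePassword(password, common = COMMON) {
  // A listed password falls to the first dictionary pass, so it scores nothing.
  if (common.has(password.toLowerCase())) {
    return { points: 0, rank: 0, accepted: false, reason: "common password" };
  }
  const chars = Array.from(password); // iterate by code point
  const unique = new Set(chars).size;
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;

  let points = Math.min(chars.length, 16) * 5 // length: up to 80
    + Math.min(unique, 12) * 5                // unique characters: up to 60
    + classes * 15;                           // character classes: up to 60
  if (isSequence(chars)) points = Math.floor(points / 2);

  const rank = Math.floor((points * 9) / MAX_POINTS); // 200 points -> rank 9
  const accepted = rank >= MIN_RANK;
  return { points, rank, accepted, reason: accepted ? "ok" : "too weak" };
}

// Constructed sample inputs.
for (const pw of ["abc123", "aaaaaaaa", "sunshine", "Vx7#qLp2!mZe"]) {
  console.log(pw, scorePassword(pw));
}
```

A browser-side meter like this only advises the user; the rank has to be recomputed on the server when the password is set, since the client check can be skipped.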
looks good » posted by: acido · date: 7:47pm Aug 06 2007

Just had a quick look at your code, looks good Lev. I think it's pretty funny how we addressed this problem with unsecured passwords in the same way at the office without talking about it first.
Haven't finished mine yet, but I will let you have a look at it once it's done so we can compare them and see what code is more secure and user friendly for the end user.

untitled » posted by: Lev · date: 1:40pm Aug 04 2007

Just an update here:
I am now enforcing moderately secure passwords. This does not apply to your current password, but any new members and anyone trying to change their password will need to use a moderately secure password.
On a scale of 0-9, 0 is low and 9 is high, your password must rank a 4.
Some stupid passwords are:
patrick jason linda abc123 fuckoff secret god sex jesus
... and so on and so forth.
I may begin to enforce a requirement for operators to have a password that meets a certain security level as well, but it's just speculation now.

~~~~~~~~~~
The problem with the world is that the fanatics are so arrogantly sure of themselves, while the open-minded individual remains filled with doubts.
levlive.com