Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Cue a test-how-strong-your-password-is service where security conscious individuals can test how their particular password stands up against these new attacks.


And have their password added to a word-list.


There is a site that pretends to do just that, though I can’t find its URL. It asks you to enter your password for strength checking, then takes you to a page saying “estimated strength: 0. Because you have typed the password into an untrusted web page, you must assume it is compromised.”


Has anyone found this? It sounds great, but I couldn't get a URL from googling the obvious stuff. Please post if you know it!


http://www.inutile.ens.fr/estatis/password-security-checker

The Terms and Conditions are worthwhile, too.

EDIT: Also, see http://www.ismytwitterpasswordsecure.com/ (needs Javascript)


Superb. Thanks!


It's not really what you described, but this is quite jolly: https://howsecureismypassword.net.


LastPass includes a "security check" that does some level of checking, but they don't appear to provide details on their "strength of your password" check - it runs in the browser so presumably they're only doing some low-level checks.


zxcvbn (https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.ht..., https://github.com/lowe/zxcvbn) basically has this aim. It might be missing some patterns exploited in attacks, but it’s extensible enough that they shouldn’t be too hard to add.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: