Slashdot Mirror


Many Password Strength Meters Are Downright Weak, Researchers Say

alphadogg writes "Website password strength meters often tell you only what you want to hear rather than what you need to hear. That's the finding from researchers at Concordia University in Montreal, who examined the usefulness of those ubiquitous red-yellow-green password strength testers on websites run by big names such as Google, Yahoo, Twitter and Microsoft/Skype. The researchers used algorithms to send millions of 'not-so-good' passwords through these meters, as well as through the meters of password management services such as LastPass and 1Password, and were largely underwhelmed by what they termed wildly inconsistent results." Inconsistent can go both directions: I've seen password-strength meters that balked at absolutely everything (accepting weak passwords as good, after calling wildly long and random ones poor).

5 of 159 comments

  1. is this good? by twitnutttt · Score: 2, Funny

    123Password is very strong because it uses numbers and upper and lower case letters.
    Those meters are stupid.

    1. Re:is this good? by Anonymous Coward · Score: 2, Funny

      You take the data offline and fuck on it at full speed.

      No, I use a mattress and I pace myself.

  2. Lovely Meter Maid by Tablizer · Score: 3, Funny

    So we need a meter for meters now.

  3. Re:I use the same unhackable password by itzly · Score: 4, Funny

    I know that my password - hunter2 - is very strong

    Doesn't look strong to me.

  4. We should launch a massive research effort by tlambert · Score: 5, Funny

    We should launch a massive research effort, figure out the strongest possible password, and make everyone use that.