Many Password Strength Meters Are Downright Weak, Researchers Say

alphadogg writes "Website password strength meters often tell you only what you want to hear rather than what you need to hear. That's the finding from researchers at Concordia University in Montreal, who examined the usefulness of those ubiquitous red-yellow-green password strength testers on websites run by big names such as Google, Yahoo, Twitter and Microsoft/Skype. The researchers used algorithms to send millions of 'not-so-good' passwords through these meters, as well as through the meters of password management services such as LastPass and 1Password, and were largely underwhelmed by what they termed wildly inconsistent results. Inconsistent can go both directions: I've seen password-strength meters that balked at absolutely everything (accepting weak passwords as good, after calling wildly long and random ones poor).

Re:is this good?

[rotaryexpress]

Except when an entire password database is stolen by hackers. Then, dictionary attacks are used first. That is the exact time you want a good password: Make the dictionary attack fail and brute-force the only option.

Remember, most hack attempts don't get reported until the account information starts being used or sold.