I would like to read password from a file in our system and check their effectiveness and warn the users that have not so strong passwords to change. even ones based on text input would be good for now.
2006-08-18 11:58:56 · 6 answers · asked by sftware g 1 in Computers & Internet ➔ Security
Thanks for all the responses. What i want is a program that can take the passwords from a list and tell me how secure they are. I have beleived from the begining and from experience got to know that open source program not being as good as the paid ones is a myth. I would prefer a program that i can deploy and it lists me all the users in the list and how secure/insecure their passwords are.
2006-08-18 12:27:05 · update #1
Creating strong passwords isn't rocket science. It's just a matter of very simple numbers. The longer the password, the stronger it will be gainst a "brute force" attack. And the larger the character set used the longer it will take to succumb to an attack.
Passwords should never be less than 8 characters. Anything less than 8 can be cracked in a few hours. And 8 character passwords using just the 26 letters of the alphabet can be cracked in less than a day with modern equipment.
A bullet proof password, at least with the state of the art of computer science today, should be at least 14 characters long. It should contain a random mix of upper case & lower case letters, digits, and punctuation marks. Such a password would take several thousand years to crack and it will probably be several decades before computing capacity is strong enough to shorten that to a workable length of time.
Most password crackers use a dictionary attack for the first pass. As such, any commonly used words should never be used as a password! A dictionary attack using a dictionary of 30,000 words would only take a couple of minutes to break a password that was in the dictionary. Most dictionaries also include sequential keystrokes, such as asdfghjkl; which look random to the human eye but won't fool a cracker.
You don't need a program to "test" the crackability of passwords. In fact, I'd be suspect of one that does as it could be "spyware" that phones home to report passwords being tested to add them to a dictionary. Just follow the simple rules I've outlined here and you will NEVER have a password cracked again. To summarize:
1. At least 14 characters long.
2. Random sequence of characters.
3. Upper case letters.
4. Lower case letters.
5. Digits
6. Punctuation marks.
Boost your security by changing your password every 90 days or less. And don't reuse passwords on important sites such as banking sites or e-commerce sites. And NEVER select the option to save your password!
2006-08-18 12:44:20 · answer #1 · answered by Bostonian In MO 7 · 0⤊ 0⤋
There is no absolute measure of password strength. However, there are several techniques you can use to perform a relative rating.
* Hacker's password dictionaries. Make sure no on chooses an easy-to-guess password. Here's a sample list: http://geodsoft.com/howto/password/common.htm
* Length - the shorter the password, the easier to guess
* Character set - if you only have 26 characters to guess, it is easier to guess. Adding numbers and punctuation makes it harder to guess because there are more choices.
* Mixed case - by allowing mixed case passwords, you double from 26 characters to 52 characters that hackers need to guess.
It is fairly easy to write a program that assigns your own priority to each of these criteria, and arrives at an overall score.
However, this score is not absolute.
2006-08-18 12:11:36 · answer #2 · answered by Tom D 4 · 0⤊ 0⤋
both FireFox & Netscape (@ least in its version 7.x release) offer a password strength goody
Netscape may be a little outdated, but you may want to give FF a shot >;) look under Tools > Options > panel Privacy > panel Passwords > click on button [Set Master Password]
nota bene: the mesurement is done localy, so unless you have a keyloger worm running on your PC, your passwords will be perfectly safe.
PS (from sysadmin...): you may not want to go & tell your users that you can read their passwords; post them a list of standards, insteads:
- combination of lovercase & UPPERCASE letters, numbers and any special characters your domain controler may accept
- @ least 8 characters
- do not allow to always use the same password (thus, password renewal means different password. users are gonna hate you for that one >;D
2006-08-18 12:16:23 · answer #3 · answered by mr. c 6 · 0⤊ 0⤋
not one hundred% open- i exploit as a lot as i am going to depending upon the gadget. were given 3 Xp machines, and far as I promote open workplace, it only wouldn't have the polish and muscle of MSOffice, any version. the single element i might want to luv to work out interior the OPSource section, is a international type photo viewing proggie. after I insert a DVD with a TON of %. on it, i do not favor to import em. i exploit as a lot as i am going to, yet take Adobe for instance. Who has a reader that may compete with it? None i have seen. even if the prob with utilising it, id properly- you recognize. GoOpenSource! Oh! a number of the audio strategies i have been fiddling with are great!
2016-11-05 03:09:55 · answer #4 · answered by ? 4 · 0⤊ 0⤋
Ummm... would you really trust an Open Source program to read everyone's password on your system? Just fork out the cash for the system mod, it's safer!
2006-08-18 12:04:22 · answer #5 · answered by Beardog 7 · 0⤊ 0⤋
here's a hint passwords should contain letters and numbers. and it should be something unique, not something used everyday.
2006-08-18 12:05:21 · answer #6 · answered by Anonymous · 0⤊ 0⤋