so while waiting for dd to zero out a container file for my encrypted backup (because btrfs is a pile of shit that won't work with fallocate), i started to wonder about what password I should use and how strong it is. it was pretty easy to come up with a magical passphrase about eating ass, and https://howsecureismypassword.net/ gave me a magical metric about how strong it is.
so cough 'em up facepunch, how secure is your password?
https://files.facepunch.com/forum/upload/58028/be53f41c-12a4-46ee-94d5-abc73f3e7380/2018-11-04-012810_790x280_scrot.png
reminder that if you use anything less than 10 characters with just letters and numbers, you deserve what's coming to you
https://i.gyazo.com/60b18ba79823569a4d7fa0af2fa04258.png
shit, guess I should come up with a better one
is your password.... "a"?
My strongest password is acronym and l337 speak so should be fine
https://files.facepunch.com/forum/upload/488/1bb64b1f-3418-4f8e-b5ac-b9996ac6396f/pass-1.png
Oh, well I guess I can just add (space)123 and, wa-bam
https://files.facepunch.com/forum/upload/488/e8c808ad-9706-4903-8cab-1ebcec8049fc/pass-2.png
ez
This totally doesn't seem like a "covert" password algorithm mining service.
https://i.imgur.com/ryt3mxO.jpg
Pickpocket increased to 100.
the calculation is all run in your browser and the source code for the site is up for review, so it all checks out.
My passwords all look like "95FpH%c61W$$cT*RmijQC@6llTjWSpS*M@u^gLy2" (newly generated to check on the site) thanks to password managers.
So basically some silly numbers on that website.
The site doesn't factor in wordbook attacks though, as far as I know it's just about pure brute forcing and not even smart brute forcing.
In some old cases, where services just used MD5 for example there are also hash libraries of already solved MD5 hashes.
Lastly there are of course big leaks of passwords, if people reuse passwords, even if it is something like above, there is no protection after a leak. (Make use of 2FA where possible.)
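Added example, not part of any post in this thread and not the site's own code: a pure brute-force time estimate next to a small dictionary check that undoes leet-speak substitutions, showing how the two can disagree about the same password. The guess rate, the wordlist and the substitution map are constructed assumptions.

```javascript
// Illustration only: constants below are assumptions, not measured values.
const GUESSES_PER_SECOND = 1e10; // assumed offline guessing rate
// Constructed five-word list; a real check would use a large leaked-password corpus.
const COMMON_WORDS = ["password", "hunter", "pizza", "party", "letmein"];
// Constructed leet-speak map used to undo common character substitutions.
const LEET = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Size of the alphabet a blind brute-force search would have to cover.
function charsetSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) size += 33; // printable ASCII symbols incl. space
  return size;
}

// Naive metric: seconds to try every string of this length over that alphabet.
function bruteForceSeconds(pw) {
  return Math.pow(charsetSize(pw), pw.length) / GUESSES_PER_SECOND;
}

// Lowercase and reverse leet substitutions so "p1zza" compares as "pizza".
function normalise(pw) {
  return pw.toLowerCase().split("").map((c) => LEET[c] || c).join("");
}

// Words from the list that appear inside the normalised password.
function dictionaryHits(pw) {
  const n = normalise(pw);
  return COMMON_WORDS.filter((w) => n.includes(w));
}

// Combine both views: a huge brute-force figure does not help
// when the password is built from guessable words.
function assess(pw) {
  const hits = dictionaryHits(pw);
  return {
    bruteForceSeconds: bruteForceSeconds(pw),
    dictionaryHits: hits,
    weak: hits.length > 0 || pw.length < 10,
  };
}
```
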
it *does* check for commonly used phrases, phone numbers, and the like. that being said, it doesn't run anywhere near a full dictionary check. in any case tho it's a pretty neat tool for seeing how secure ur shit is.
Stop putting your password into random third-party websites you dumbasses, you have no idea what they're storing and what they aren't.
You can view the source code over at their github, and skimming over the js used to calculate their metrics, it doesn't send any data over the internet. It's all done locally in your browser.
https://i.imgur.com/uqRypH0.png
Til 100 character usernames and password standardized.
Hey guys, post your passwords and I'll tell you how strong they are. Everyone here can keep them secret, right?
https://u.lewd.se/s1TJzQ_firefox_2018-11-04_10-26-12.png
A few weeks ago I finally got off my arse and used a local password manager on my phone, laptop and desktop. All the passwords are stored in a locked database file that's also backed up to my file server. I did look at lastpass for example but found you would be fucked if they were hacked, but I never thought about a local password manager.
At the end of the day why take the risk?
What is the risk? How would they associate your password with whatever it fits into? They only have your IP and location, no logins or any mentions of services they could try logging in with it
346 QUINDECILLION YEARS
My password is twenty 5's, but I'm never telling you the correct order!
https://i.imgur.com/OhurWlH.png
I used to have overly long passwords with 40+ characters with a mixture of capitalization and symbols but I actually end up forgetting them often so I started to shorten them with just varied amount of caps and symbols, and giving each site a common word and a different word on top of that, so I can easily remember them more while maintaining a unique string for each account. It'd probably be more ideal for me to start using those password manager thingies but I'm too lazy to set those up and I'm too used to (trying) remembering them all in my head and typing them out.
Last time I used a password manager I forgot the master password
https://files.facepunch.com/forum/upload/1217/92d5af95-76d3-4ba7-8083-77aa812982f0/hunter2.PNG
I guess even if he hadn't posted it, hunter2 was a bad password anyway.
https://i.imgur.com/MhNMYJL.png
This is one of my passwords. All of the important ones follow similar patterns so they'd take around the same length of time. I have less secure ones that are easy to remember for accounts I don't actually care about though. Adding some unicode to your passwords helps a lot.
Everyone should be using a password manager tbh, it might be a minor inconvenience having to go on that to log in to things but I keep a copy of it on my dropbox (Which is also password protected by the manager) and a hard copy on a USB pen in my bag, and my phone can access it through my dropbox.
The 16 char password I only have in my head and use to access my password manager though:
https://files.facepunch.com/forum/upload/222257/114e9426-2206-4dc7-bd87-9cf7bfb08f13/image.png
It's definitely worth at least slowly migrating anything that means anything to you over to a manager instead of waiting until something bad happens. Not only are the passwords far more secure if hashes get leaked, you can ensure your passwords across everything are unique and also store other notes (Usernames, secret question info etc) on them so no more forgetting all your info for that thing you last used 2 years ago.
Luckily a lot of services have decent protection for stopping weird logins happening on your account, but stupidly until a year or so ago despite the below for my email address I was still using the same/variations of the same password lazily even for things like Paypal, Google etc until I woke up one day and realized actually if someone got into those how much damage they could do to me.
https://files.facepunch.com/forum/upload/222257/82fa11b3-9010-4c87-9a48-f809865d9271/image.png
The risk isn't any bigger than using a browser as a means to communicate your password with a secure server.
Like Bee said, it's run locally. You can check the source code.
can someone check how good hunter2 is ?
Just type a password similar in nature to test it but not give it away
guys this site doesn't look very trustworthy so I'll just ask you for advice, my password is p1zzaPaRtY236, do you think it's good enough?
no, not really
You only take a risk if you are unaware of the mechanisms behind it. Quit being silly.
Because a website can't have code on the live site which is different to the code on Github
which is an actual security problem with well known package managers like NPM