http://www.cnlab.ch/pwcheck/ provides a pw-checker, although itīs in german, but I assume, that englishspeakiung people will also figure it out. If the pw entered is weak, the result will be underlined in red, otherwise itīs green :-)
awa > I like the scoring idea, but there are actually programs that will > allow you to decide how many lowercase, uppercase, and special > characters will be used in a randomly generated password. > > I can't find the link to the one I saw recently, but it was written by > some German guy. > > Daniel > > > -----Original Message----- > > From: Chris Berry [mailto:[EMAIL PROTECTED]] > > Sent: Friday, July 12, 2002 4:00 PM > > To: [EMAIL PROTECTED] > > Subject: Password Scoring > > > > > > > > First, I want to thank everyone who had advice and comments on > > my > > previous password complexity vs. length post. > > I'm trying to come up with an easier way for my users to create > secure > > (but memorable) passwords. In the past I specified some complexity > rules > > requireing lowercase, uppercase, numbers, and symbols, no dictionary > > words, can't be your birthday, etc. etc. However my users have been > > complaining that they had trouble both making and remembering these. > (Sad > > to say the previous administrator let them do whatever they wanted > > in > this > > area, leading to some shockingly bad passwords.) > > After reading all I could find on the subject and doing some > testing > > with LC4 from @Stake, I've come up with the following solution, on > which > > I'd like some comments. First I set all the computers on the > > network > to > > use NTLMv2 exclusively refusing LM and NTLM responses so that I > shouldn't > > have to worry about the 7/14 character hash problem intrinsic in LM > > or > the > > encryption lenght weakness in original NTLM. Second, I've written > > an application in JAVA (A first for me, especially the OOP part, I > learned to > > program back in the dawn of time circa late 80's, didn't think > > fortran > or > > commodore basic would be a good choice though, *grin*) Basically > > this program does two things (which I haven't been able to find in > > any > other > > products, and believe me I looked, why reinvent the wheel?) First, > > it > can > > generate random passwords (which other programs can do, but not with > this > > kind of granularity) by allowing you to specify how many of which > > kind > of > > five types of characters (lowercase, uppcase, numbers, symbols, and > > windows extended ASCII accessed with the alt key) Second, the > > program > can > > check user entered passwords in a text box (although not the > > extended ASCII, coudn't figure out how to make the text box allow > > you to type > them > > in) Third, and most importantly, I created a scoring system so that > > passwords of various types can be compared. I'm interested to know > what > > you all think of it, so I'm going to list it below. Each character > > is scored seperately, then some penalties are applied. > > > > lowercase=26 points > > upppercase=52 points > > number=62 points > > symbol=94 points > > EXT ASCII=144 points > > > > any password that doesn't have lowercase divide by 1.25 > > ditto for each of the other types > > any password that doesn't have one from each category is divided by > > 2 I felt a good standard windows password would have 1 lower, 2 > > upper, 2 numbers, 1 symbol, and one EXT ASCII so I added 8 points to > > make this > a > > nice number a 500 (instead of 492). > > search the string and subtract half points for each character that > > is > part > > of a dictionary word or common name. > > > > Here are some examples so this all makes sense > > > > gf04TC: 500 Points > > password -71 Points > > B3acH_L0ver2 460 Points > > theusgotbeatbygermany 2 Points > > don't-want-to-WORK 290 Points > > VX.24tf 307 Points > > SO2+nose=BAD_SMELL4ME 603 Points > > > > Basically the idea is so that you can just set a minimum point > total > > and pretty much just let your users make whatever they want. I feel > 500 > > is a good amount for a windows password. Comments anyone?
