83 Comments
- dimmerswitch, on 10/11/2007, -1/+94 Nice. I've often thought about creating a 4 level meter:
1. Not Secure
2. Somewhat Secure
3. Very Secure
4. How the hell do you expect to remember that?
- Query, on 10/11/2007, -1/+38 This comment on the site pretty much sums up why this sucks:
"The password 'password' shows as 'very secure'"
- fpcyber, on 10/11/2007, -0/+36 This doesn't work too well. If you press the same letter 20 times it says Very Secure...
- CrazedGeek, on 10/11/2007, -2/+30 Raven> I tried setting my hotmail password to penis.
Raven> It said my password wasn't long enough. :(
- inactive, on 10/11/2007, -1/+17 Yeah that thing sucks. The first thing I tried was "password" and it comes up as very secure. As does apparently any other 8-letter password.
Buried as lame.
- capiCrimm, on 10/11/2007, -1/+14 your comment isn't even 128 characters.
- mrmacky, on 10/11/2007, -0/+10 I'm going to have 5 levels... for the fifth one your password needs to be 128 characters long.
- wildfire, on 10/11/2007, -3/+12 Two-factor is not even enough for Internet-related activities anymore. A meter like this is mainly just eye candy, added page weight, and false security.
http://www.schneier.com/blog/archives/2005/03/the_failure_of.html
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
http://www.symantec.com/enterprise/security_response/weblog/2007/05/phishing_and_twofactor_authent_1.html
http://www.networksec.org/Articles/AuthenticationThePitfallOfTwoFactorAuthentication
/letdown
- zackkitzmiller, on 10/11/2007, -3/+12 Checking to see if this is your _current_ google password as well ;) as well as digg, ebay, etc ;)
- bluepass, on 10/11/2007, -0/+8 Well, it looks like OMGWTFBBQ is a very secure password. This is clearly my password from now on.
- zweben, on 10/11/2007, -3/+10 You might as well just hit 15 random keys and memorize them.
- nipterink, on 10/11/2007, -0/+7 the demo they show is pretty *****.
"aaaaaaaa" --> very secure.
- capiCrimm, on 10/11/2007, -0/+7 easy, take a phrase, like a song hook. and do a constant manipulation for all your passwords. Then append a constant hook at the end (like when it expires). So let's say I'll take the first letter of each sentence, capitalize every other one, and "leetify" letters. Just Be Consistent or else it won't work. So from sympathy for the devil...
Please allow me to introduce myself
PaMtIm -> P@M71m
Now for the hook. Let's say I expire my passwords every two months (even months, so let's write it as a math phrase). Anyway, for this password it's month 8
8*1/1-07
and for a January password next year it can be 2*1/1-08...
anyway, append that to our password
P@M71m8*1/1-07
You can do more things and make it more complicated, but as long as you follow the same format for all your passwords it's really not all that bad. All you need to do is remember the song hook, or quote, or bible verse. Whatever you want. Another trick is to have different levels of passwords. The really weak ones don't change that often, but the really strong one changes every couple of weeks. For the lowest level you probably only need one password, but for the highest you probably want a different password for each login. Anyway...
- NiX0n, on 10/11/2007, -0/+6 not anymore...
- capiCrimm, on 10/11/2007, -0/+6 what the hell are you talking about. If you figure out an easy pattern and remember it then do that same thing every time it doesn't, and it's secure. Another way of codifying the next expiration date is by holding down shift so 08/07 -> )*/)&. How hard is that to do? It's all about sticking to a pattern and a simple one at that. If you don't like leet try replacing the small letters with incrementing numbers at 0... and then switching caps on every actual letter. You get P0m2I3. How many rules did I have to get this password, three?
P0m2I3)*/)&
The first couple times you use a password like this it'll take you five minutes to type it out, but after about a week of use you'll get pretty fast. If you don't need secure passwords like this, don't use them. Use 'icenblingz' for all I care, but don't complain that it's impossible to use secure passwords without writing them down. It's not. It takes a little more effort, that's all.
- b3mus3d, on 10/11/2007, -0/+5 If I see a password strength meter, I quite often type some random characters (experimenting with length, types of characters used) for about 30 seconds to see how it judges. God damn yours would be annoying.
- houndeyex, on 10/11/2007, -0/+5 n0w ur h@x0r'd
- jackcall, on 10/11/2007, -0/+5 easy to remember yes, strong no. Any serious cracker will have a list of leet transcription - a good pass is a random string, not something that is easy to remember
- sherifftruman, on 10/11/2007, -1/+6 Same for using "password".
- snotrokit, on 10/11/2007, -1/+5 Buried, as in jimbojim, password is very secure, as is any regular English word over 8 characters. suckage factor of 12.
- albiniak, on 10/11/2007, -1/+5 Tomorrow's lesson: using a meter to indicate how quickly the site dies from the digg effect.
- judgeFire, on 10/11/2007, -0/+3 As for creating passwords, Mac users can use the built-in meter in the OS. You can find one in "System Preferences: Accounts -> Change password...", for example, by hitting the little key icon.
For developers, well, it is an OS service, so it can be called from any app on the platform - no need to build one separately.
- dafragsta, on 10/11/2007, -0/+3 I didn't check out this implementation, but I can easily see a practical reason for these password strength checkers. Most people who don't work in IT don't realize how a brute force attack works. Without going into the ugly details, a user can get feedback that means something on their terms. Most people don't really need to know why dictionary words and common passwords are not secure, they just need to know that their current one isn't secure and that alphanumeric combinations are better..
- paulmike3, on 10/11/2007, -0/+3 so is "password".
- jenrzzz1, on 10/11/2007, -0/+3 This is a simple algorithm to gauge the security of the password by its length. It shouldn't be too hard to modify it to compare the password against a list of known dictionary words.
- dfg59, on 10/11/2007, -1/+4 Secure password rating that actually works, 17 lines of ruby code:
http://pastie.caboo.se/79985
- MalDON, on 10/11/2007, -0/+2 I will be sure to remember this when I try to crack your password.
- mattrmiller, on 10/11/2007, -0/+2 I am actually the author, not the submitter of the story.
Version 1.0 referenced here was a proof of concept, the algorithm was not complete.
There is a version 2.0 that is built out a little more: http://www.codeandcoffee.com/2007/07/16/how-to-make-a-password-strength-meter-like-google-v20/
- merreborn, on 10/11/2007, -0/+2 Strong passwords are still important. If your password is something stupid like 'secret', your account is more at risk than if it was something secure, like 's54fl00f!!~'.
- p0tent1al, on 10/11/2007, -1/+3 LOL
I don't care what kind of transcription you have, if
"@myPa55w0rd*"
is your password, good ***** LUCK to whoever is trying to crack it, symbols, capital letters, letters.
- convergent, on 10/11/2007, -0/+1 "my password is 12345"
"oh that's the password to my briefcase! i must go change it"
- inactive, on 10/11/2007, -0/+1 the password "12345678910" validates as 'Very Secure' is this correct?
- wildfire, on 10/11/2007, -0/+1 Well most people who use this are going to use as-is, with no guidelines for security, and without multiple authentication. But to reply to your statement -- yes.
- mozzep, on 10/11/2007, -0/+1 It's funny how you think that's not secure considering the password strength meter says it's "very secure."
- nasium, on 10/11/2007, -0/+1 I like the idea of the article, but most high-level programmers can improve upon this.
There should have been some more checks;
1. are all the characters the same?
2. levels of security should be increased.
3. lookup to a table that contains the most popular passwords, there are plenty of sites out there that list these so it shouldn't be a big deal.
4. is there a similarity of characters; if the password is 112233, the password is not secure. in plain terms, a character should not represent 20% of the total password characters.
Just some thoughts, i might spend a day and improve upon the post. could make for a fun day of programming. That's all folks! http://www.seorat.com
- fffizzz, on 10/11/2007, -0/+1 "howsthis" validates as very secure? No, I would think .,4Fs23jh#!2bH as secure, but maybe that's just me?
- ddrirc, on 10/11/2007, -0/+1 jQuery has a plugin for secure passwords:
http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/
~
- undetected, on 10/11/2007, -0/+1 This won't work for the sites I only visit once or twice a year. "Hmm, now let's see, what month did I last visit this site? *****, what song was I thinking about?"
- bivouac, on 10/11/2007, -0/+1 The logic is way too simple in his decision criteria.
- tomi, on 10/11/2007, -0/+1 Site's down and the mirrors seem to be useless.
- SushiCW, on 10/11/2007, -0/+1 You'd probably want to modify the score based on how many (if any) dictionary words there were in the password.
- DigDugDigger, on 10/11/2007, -0/+1 I've had good results using a method I learned in school. You pretty much think of an easy password, say... 'password', and shift your typing to the right by one key so a word like 'password' becomes '[sddeptf'. Easy to remember, very difficult to guess.
And no don't try to guess my Digg account password plz, kthxbai.
- Spr0k3t, on 10/11/2007, -0/+1 This is a laughable attempt to create such an algorithm. It would be better to check the variations of the characters. All characters of the same type (lowercase only, uppercase only, numbers only, symbols only), poor password security (4 or less characters)... A combination of two of those without repeating more than once, low password security. At least three of those without repeating more than once, medium password security (length minimum of 6). All four without repeating and minimum length of 9 would result in very strong password security. This would be very simple to build, possibly even easier than the poor algorithm created in the blog.
- SushiCW, on 10/11/2007, -0/+1 Actually, most password crackers specifically check for both keyboard-shifting and keyboard patterns. Still not necessarily secure against a determined hacker.
- meatmcguffin, on 10/11/2007, -0/+1 Surely if you took 11 random characters and typed them in over and over you would get exactly the same speed as taking a known pattern of 11 characters.
I don't really see the difference between the two with the exception that you could recover your password if you forgot it but then if you forget your password, maybe you should start using a slightly simpler one.
- Spr0k3t, on 10/11/2007, -0/+1 spam
- flarn2006, on 10/11/2007, -0/+1 abcdefgh says "Very Secure"
so does abcdefghijklmnopqrstuvwxyz
- AirlessToaster, on 10/11/2007, -0/+1 Firefox checks all your typing client side. Which means you are one user with a relatively fast connection to your hard drive/RAM/Processor to compare your words to what you type. A web form has to either send your words back to their server to be processed through a dictionary with potentially hundreds of users doing the same or make you dl a dictionary every time you come to the form (high bandwidth).
Now if only javaScript had access to firefox's built in dictionary... (adds to firefox wishlist)
- fffizzz, on 10/11/2007, -0/+1 version 2 is much better!!
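
Added example, not part of the thread and not the article author's code: a JavaScript sketch of a meter that combines the checks nasium and Spr0k3t propose above (repeated characters, a popular-password table, the 20% character share, character-class variety and length) with a sequence check for the "abcdefgh" case flarn2006 reports. The function names, level labels, run threshold of 4 and the short `COMMON` list are assumptions made for illustration.

```javascript
// Constructed sample list; a real deployment would load a much larger table.
const COMMON = new Set(["password", "secret", "12345", "qwerty", "letmein"]);

// Number of character classes present: lower, upper, digit, symbol.
function classCount(pw) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].filter((re) => re.test(pw)).length;
}

// Longest run of ascending consecutive characters ("abcd", "1234").
function longestRun(pw) {
  let best = pw.length ? 1 : 0;
  let run = 1;
  for (let i = 1; i < pw.length; i++) {
    run = pw.charCodeAt(i) - pw.charCodeAt(i - 1) === 1 ? run + 1 : 1;
    best = Math.max(best, run);
  }
  return best;
}

// Share of the password taken by its most frequent character.
function dominantShare(pw) {
  const counts = new Map();
  for (const ch of pw) counts.set(ch, (counts.get(ch) || 0) + 1);
  return pw.length ? Math.max(...counts.values()) / pw.length : 0;
}

function ratePassword(pw) {
  const reasons = [];
  if (COMMON.has(pw.toLowerCase())) reasons.push("common password");
  if (pw.length > 0 && new Set(pw).size === 1) reasons.push("single repeated character");
  else if (dominantShare(pw) > 0.2) reasons.push("one character is over 20% of the password");
  if (longestRun(pw) >= 4) reasons.push("sequential run");

  // Any failed check caps the rating; otherwise class variety and length decide.
  let level = "Not Secure";
  if (reasons.length === 0) {
    const classes = classCount(pw);
    if (classes === 4 && pw.length >= 9) level = "Very Secure";
    else if (classes >= 3 && pw.length >= 6) level = "Somewhat Secure";
  }
  return { level, reasons };
}

// Inputs the commenters reported as "Very Secure" under the original meter.
for (const pw of ["password", "aaaaaaaa", "abcdefgh", "12345678910", "s54fl00f!!~"]) {
  console.log(pw, ratePassword(pw));
}
```

The checks run entirely client side; a server accepting the password would still need to repeat them, since form-side scoring can be bypassed.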