Password Strength Checker and Tips - BestVPN.com

Password Strength Checker and Tips

Peter Selmeczy

August 28, 2017

Having a strong password is extremely important.

Don’t believe me? Keep reading this guide.

But first, use this password strength checker to see how strong your passwords really are!
(Don’t worry, we don’t record any of the password strength checks or data.)


About this Password Strength Checker

While fairly basic, our password strength checker does a good job at checking the strength of your password. By clicking “show me why”, you’ll be able to see what factors we’ve analyzed and the importance they have on your password strength. Though, as I explain below, no password strength checker is ideal, it should give a good indication of whether the passwords you’re using should be upgraded or not.

While the tool doesn’t inherently analyze against dictionary attacks (see more on this below), it does consider the number of similar characters (e.g. lower case letters) preceding each other, which is a good indication of words being used.

Furthermore, since we have no data on your system or personality, we are unable to check whether your passwords are related to you and could therefore be guessed.

Real password strength – are password strength checkers accurate?

In short, no. Our tool is simple and doesn’t try to crack your password in any way (which would be the real test). Furthermore, you’ll find many other strength checkers online, and you’ll probably obtain inconsistent results with most of them. This has in fact been demonstrated by researchers at the Concordia University in Montreal.

So should you still use one? Yes! While the results obtained may vary, password strength checkers give good indications and, as research by Microsoft has shown, can help push people to use stronger passwords. That is exactly why we’re trying to educate you on the topic.

What makes a Strong Password?

A strong password should have a high level of entropy. In layman’s terms, it’s the amount of disorder that is present. Not only should your password be filled with random numbers, characters, and letters, but it should also be long. High-quality password generators, such as KeePass, will help you generate exactly these kinds of passwords.

Password Cracking

Password Cracking Methods

You might be wondering how passwords are cracked. There are three main methods that you need to look out for. I’ll use a 4-digit padlock to illustrate each of them.

Brute-Force Attack

Brute-force attacks are the simplest in nature but take the most time. They involve cycling through each possible option in quick succession. With our padlock, the attack would start off at 0000, proceed to 0001, then 0002, and so on until it reaches 9999 or the lock opens – for a total of 10000 possible combinations.

While with a padlock this would take a lot of time, with common tools, such as John the Ripper, the average home computer would have this cracked in far under a minute.

This is why it’s important to use a variety of numbers, letters, and characters. If, for example, you know that a password only has lowercase letters, then for each position you only have to try 26 options. If it can have lower and upper case letters, this automatically doubles to 52. With numbers, this rises to 62. So if instead of just numbers, our padlock also had lower and upper case characters, you would have to try a maximum of 14776336 (62^4) combinations in order to crack it. A computer would still crack that in seconds, but you would have no chance!

Dictionary Attack

Dictionary attacks work similarly to brute-force attacks. However, in addition to guessing single characters, they also try words from a given dictionary (usually a slimmed-down traditional dictionary).

In the case of our padlock, we could have a numeric dictionary that contained the following items: 0000, 1111, 2222, …, 9999, 42, 69, 1234, and possibly a few more common number combinations. Because we tend to choose passwords that are easy to remember, dictionary attacks can be considerably quicker.

Social Attack

Social attacks take your system and personal information into consideration to try and help speed up the process of dictionary attacks. Say I knew your dog was called Pickle, your mum Jane and you were born on 01/07/1980, I’d give this data higher priority.

With the padlock, I would immediately guess 1980 first. Then I’d move on to your mum’s year of birth or possibly the year you adopted Pickle. If those don’t work, I could also look up the manufacturer of the padlock, see if they have a default combination that they ship with, and try that.

On the whole, if you have a simple password, it won’t take long to crack!
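The three attack models above can be turned into a defender-side estimate of how many guesses a password survives. This is an added example, not the code behind this page's checker; the `COMMON` list, the personal facts passed to `assess`, and all function names are constructed for illustration.

```javascript
// Constructed sample list: the padlock dictionary from the text plus common passwords.
const COMMON = ["0000", "1111", "1234", "42", "69", "password", "qwerty", "letmein"];

// Size of the alphabet a brute-force search must cover for this password.
function alphabetSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/[0-9]/.test(pw)) n += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) n += 33; // printable ASCII symbols, space included
  return n;
}

// Worst-case brute-force guesses: alphabet^length (BigInt keeps large counts exact).
function bruteForceGuesses(pw) {
  return BigInt(alphabetSize(pw)) ** BigInt(pw.length);
}

// Longest run of same-class characters, the checker's hint that a word is present.
function longestSameClassRun(pw) {
  const cls = c => /[a-z]/.test(c) ? "l" : /[A-Z]/.test(c) ? "u" : /[0-9]/.test(c) ? "d" : "s";
  let best = 0, run = 0, prev = null;
  for (const c of pw) {
    const k = cls(c);
    run = k === prev ? run + 1 : 1;
    prev = k;
    best = Math.max(best, run);
  }
  return best;
}

// 1-based position of pw in a guess list ordered personal facts first, then
// common passwords; null when only brute force would reach it.
function listGuessRank(pw, personal) {
  const ordered = [...new Set([...personal, ...COMMON].map(s => s.toLowerCase()))];
  const i = ordered.indexOf(pw.toLowerCase());
  return i === -1 ? null : i + 1;
}

// Combine the three views; effectiveGuesses is the cheapest route to the password.
function assess(pw, personal = []) {
  const rank = listGuessRank(pw, personal);
  return {
    bits: pw.length ? Math.round(Math.log2(alphabetSize(pw)) * pw.length) : 0,
    listRank: rank,
    longestRun: longestSameClassRun(pw),
    effectiveGuesses: rank === null ? bruteForceGuesses(pw) : BigInt(rank),
  };
}
```

With the article's own facts, `assess("1980", ["Pickle", "Jane", "1980"])` reports an effective guess count of 3 even though the brute-force keyspace is 10000, which is the gap a charset-only strength meter cannot see.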

Password Strength by XKCD

While not truly accurate (as it doesn’t account for dictionary cracking), this comic by XKCD helps represent some of the common misconceptions surrounding password strength.

Password Security Tips

Here are some simple tips to help you with your password strength and security:

  • Use a password manager to store and create extremely strong passwords
  • Never write down your passwords anywhere (especially not in a Word file called passwords.doc!)
  • Change your main passwords regularly
  • Don’t use the same password twice
  • Don’t leave your devices unattended
  • Never share your password with anyone
  • Avoid terrible, cliched and overused passwords!

Password Strength Recap

With news of leaked and cracked passwords appearing every month, having a strong password has never been more important. Hopefully, this short guide has helped you understand more about password strength and has given you the help and information required in order to stay more secure online.
