2010/09/06

Strong passwords

Microsoft has a page to check your password, which rates its strength.

Good idea - to help people choose stronger passwords - however:

  • I certainly wouldn't want to tell anyone my password, especially over the Internet; I'll keep it between me and whatever service I need a password for. (Yes, as it notes at the bottom of the page, "The password you enter is checked and validated on your computer. It is not sent over the Internet." However, I'd have to read the code to confirm that - and that it hasn't been changed since the last time I read the code. An unlikely requirement for the intended audience.)
  • I certainly wouldn't want to tell Microsoft in particular; regardless of whether you trust them or not, they're a big target, so why take the chance of being "collateral damage"?
  • The page has little intelligence behind it; here are some example strength ratings:
    • Medium: qwertyuiopas (12 characters - straight across the keyboard)
    • Strong: abcdefghijklmn (the first 14 letters of the alphabet)
    • Strong: 12345678912345678912 (20 digits, in order)
    • BEST: 28 of any letter.
Whoops.
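
The sketch below is an added example, not code from the Microsoft page: it checks the four passwords above for the patterns that make them guessable. The length-only naive_rating() is a hypothetical stand-in with thresholds chosen only to reproduce the ratings quoted above, and the keyboard sequence assumes a US QWERTY layout.

```python
import string

# Reference sequences (assumption: US QWERTY layout, rows read left to right).
SEQUENCES = {
    "keyboard walk": "qwertyuiopasdfghjklzxcvbnm",
    "alphabetical run": string.ascii_lowercase,
    "digit run": "0123456789",
}

def naive_rating(pw):
    """Hypothetical length-only rule; thresholds chosen to match the post's ratings."""
    n = len(pw)
    if n >= 28:
        return "Best"
    if n >= 14:
        return "Strong"
    return "Medium" if n >= 8 else "Weak"

def smallest_period(s):
    """Smallest p such that s is its first p characters repeated (possibly truncated)."""
    for p in range(1, len(s) + 1):
        if all(s[i] == s[i - p] for i in range(p, len(s))):
            return p
    return 0  # only reached for the empty string

def weaknesses(pw):
    """Return the names of the predictable patterns the whole password reduces to."""
    low = pw.lower()
    period = smallest_period(low)
    unit = low[:period]
    found = []
    if period == 1 and len(low) > 1:
        found.append("single repeated character")
    elif 0 < period * 2 <= len(low):
        found.append("repeated block")
    for name, seq in SEQUENCES.items():
        # A unit of 3+ characters lying on a known sequence, forwards or backwards.
        if len(unit) >= 3 and (unit in seq or unit in seq[::-1]):
            found.append(name)
    return found

def rate(pw):
    """Pattern-aware rating: any detected pattern overrides the length score."""
    return "Weak" if weaknesses(pw) else naive_rating(pw)

# The post's four examples plus one constructed non-patterned password.
SAMPLES = ["qwertyuiopas", "abcdefghijklmn", "12345678912345678912", "a" * 28, "tV9#rk2!pLq7zW"]
if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: naive={naive_rating(pw)} aware={rate(pw)} {weaknesses(pw)}")
```

This only flags passwords that reduce entirely to one pattern; a password that merely contains a keyboard walk or a dictionary word needs substring and wordlist checks on top.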