• Determining Password Strength

    From warmfuzzy@700:100/0 to All on Thu Apr 9 00:23:35 2020
    Hi,
    I'm currently in school for a computer security class. In one of my projects we were familiarized with websites that help to determine password strength. Here I am going to list those three services. Be sure not to use your actual password in determining its strength, but rather some password that is comparabie to your current password(s). Here is the list:

    How Secure Is My Password
    howsecureismypassword.net

    Password Checker Online
    password-checker.online-domain-tools.com

    The Password Meter
    www.passwordmeter.com


    I am relaying this information because I think it will be useful for you. If you have things like this that you come across, please write about it here.

    Cheers!
    -warmfuzzy

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: Sp00knet Master Hub [PHATstar] (700:100/0)
  • From poindexter FORTRAN@700:100/20 to warmfuzzy on Thu Apr 9 11:47:00 2020
    warmfuzzy wrote to All <=-

    I am relaying this information because I think it will be useful for
    you. If you have things like this that you come across, please write about it here.

    This might be a good opportunity to talk about password storage security - what are you all doing?

    I'm using Keepass v.2 on my desktop, storing the password file on Google
    Drive - that way I can get to it from my Android phone and from my desktops (Linux and Windows).

    What I love about it is being able to generate passwords based on length and complexity. I used a default password for a long time, and after the Yahoo breach, set out to change every password that used my default password. (it wasn't my Yahoo! password, the Yahoo! breach was just the inspiration)

    I'm frustrated by sites that impose retrictions on password complexity. I've had sites complain about 20 character passwords, sites that allow some
    special characters and not others, sites complain about 3 consecutive
    letters when picked at random, and so on.

    I don't think that anyone is going to use a password cracker on an encrypted password leaked from cheapelectronicsfromchina.com these days, they're more likely to buy a password list for pennies per thousand on the web and look
    for compromised credentials that were re-used.

    So, let me use my long, unique password!


    ... If it isn't broken, I can fix it.
    --- MultiMail/XT v0.52
    * Origin: http://realitycheckbbs.org (700:100/20)
  • From NuSkooler@700:100/9 to poindexter FORTRAN on Fri Apr 10 13:46:32 2020

    poindexter FORTRAN around Thursday, April 9th...
    I'm frustrated by sites that impose retrictions on password complexity. I've had sites complain about 20 character passwords, sites that allow some special characters and not others, sites complain about 3 consecutive letters when picked at random, and so on.

    Another fun experiement is to find the *hidden* lengths of passwords some sites/software use. What I mean by this is some sites TRUNCATE your password so
    for example a password of 15 characters may be the "same" as 15+10 more characters as they truncate at 15. This can also be a red flag (but not necessairly always the case) that they may be storing plain-text passwords.



    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (700:100/9)