Tales from the Crypto






         Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

March 29, 2006

Microsoft’s new password collector.

Filed under: General Security @ 10:22 am

Sorry, did I say that out loud?


No, it’s not really a password collector.


Probably.


What I’m talking about is a new tool from Microsoft that aims to tell you when a password is “Weak”, “Medium”, “Strong” or “Best”.


Try it for yourself – see that “This is my password.” is “BEST”, and “Cz!r4Tz” is “Weak”.


From that comparison, it’s obvious that this tool is only a guideline, and probably that’s all it can be – but you might want to try it on your users.  At the very least, many weak passwords will be shown to them as being weak.

2 Comments

  1.   girishb — March 29, 2006 @ 1:04 pm    Reply

    But, Isn’t “This is my password.” a lot better password to remember and hard to crack from automated tools than Czlr4Tz? All my passwords are pass-phrases and they make it easy to remember and based on this http://blogs.technet.com/robert_hensing/archive/2004/07/28/199610.aspx a better password in many ways.
    Girish

  2.   Alun Jones — March 29, 2006 @ 2:25 pm    Reply

    It’s certainly a lot easier to remember, and the last time I researched password cracking tools, none of them took the time to try “ .”
    But that’s relying on the cracking tools remaining in that state.
    Your pass-phrases should continue to add complexity and entropy that are not related to a reliance on the cracking tools simply not catching up to the world of pass-phrases.

RSS feed for comments on this post. TrackBack URI

Leave a comment

© 2017 Tales from the Crypto   Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs