Password strength meters fail to spot easy-to-crack examples
by Samuel Gibbs, from Technology | The Guardian
Popular password meters don't pick up on awful character sequences that are obvious to hackers, giving users a false sense of security and bad advice
The meters that supposedly tell you when you've entered enough different characters to make a secure password when signing up for a new site are next to useless, according to a web security consultant.
The meters, which often appear as a bar that goes from red to green, rank passwords using traditional measures such as complexity, length and character use, but it turns out most fail to spot easy-to-guess or predictable passwords. As a result, they give users a false sense of security or, worse, downright terrible advice.
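The gap described above, as an added example that is not taken from the article or from any meter it refers to: a meter that scores only length and character classes, next to one that also checks for predictable sequences. The word list, keyboard rows, thresholds and function names are assumptions constructed for illustration.

```javascript
// Constructed sample data: a tiny stand-in for a real common-password list.
const COMMON_BASES = ["password", "letmein", "welcome", "admin", "dragon"];
const KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"];
const LEET = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };

// Traditional meter: scores only length and character-class variety (0-4).
function naiveMeter(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].filter((re) => re.test(pw)).length;
  if (pw.length < 8) return Math.min(classes, 1);
  return Math.min(4, classes + (pw.length >= 12 ? 1 : 0));
}

// Longest run of consecutive character codes (abcd, 4321), ascending or descending.
function longestSequence(s) {
  let best = 1, run = 1, dir = 0;
  for (let i = 1; i < s.length; i++) {
    const d = s.charCodeAt(i) - s.charCodeAt(i - 1);
    if (Math.abs(d) === 1 && d === dir) run++;
    else run = Math.abs(d) === 1 ? 2 : 1;
    dir = Math.abs(d) === 1 ? d : 0;
    best = Math.max(best, run);
  }
  return best;
}

// Returns the list of predictable patterns found; empty means none detected.
function predictablePatterns(pw) {
  const lower = pw.toLowerCase();
  const found = [];
  if (longestSequence(lower) >= 4) found.push("sequence");
  if (/(.)\1{2,}/.test(lower)) found.push("repeat");
  const rows = KEYBOARD_ROWS.flatMap((r) => [r, [...r].reverse().join("")]);
  for (let i = 0; i + 4 <= lower.length; i++) {
    if (rows.some((r) => r.includes(lower.slice(i, i + 4)))) { found.push("keyboard"); break; }
  }
  // Undo common character substitutions before matching against the word list.
  const deleet = [...lower].map((c) => LEET[c] || c).join("");
  if (COMMON_BASES.some((w) => deleet.includes(w))) found.push("common-word");
  return found;
}

// Pattern-aware meter: any detected pattern caps the score at 1.
function patternAwareMeter(pw) {
  return predictablePatterns(pw).length ? Math.min(1, naiveMeter(pw)) : naiveMeter(pw);
}

// Constructed sample passwords: naive score, pattern-aware score, reasons.
for (const pw of ["P@ssw0rd1!", "Qwerty123456", "aaaa1111", "mVq7#tLz2pRw"]) {
  console.log(pw, naiveMeter(pw), patternAwareMeter(pw), predictablePatterns(pw).join(","));
}
```

A production meter would match against a full breached-password corpus rather than the five-word list used here.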