Skip to main content
  1. Home
  2. Computing
  3. News

Web consultant says meters don’t measure true strength of passwords

Add as a preferred source on Google

We’ve all gone through the process of trying to sign up for a website, only to be told our password isn’t strong enough. But these password strength meters may not be all they’re cracked up to be and may be only giving the illusion of security.

According to Mark Stockley, founder of web consultancy Compound Eye, these meters don’t actually measure strength at all. Stockley tested five different password meters, first in March 2015 and then 18 months later. He says none of them improved during that time.

Recommended Videos

Writing for Sophos, he explained that password meters only attempt to measure how long it would take to crack the password. A meter on the website typically suggests you use a long password with uppercase and lowercase characters and symbols like question marks and exclamation points.

“A strong password is one that is highly resistant to attempts to crack it with online or offline dictionary attacks,” he said. “The only good way to measure the strength of a password is to try and crack it — a serious and seriously time-consuming business that requires specialist software and expensive hardware.”

As part of his tests, Stockley ran five passwords that he deemed terrible through the meters. If the meters were up to par, they would reject them. The five passwords were “abc123,” “trustno1,” “ncc1701,” “primetime21,” and “iloveyou!” More often than not, the passwords passed the meter with some getting a “good” or “normal” result.

To further corroborate his findings, Stockley was able to crack these five passwords with the open source tool John the Ripper, making it clear that the passwords weren’t cut out for securing your accounts.

So nothing had improved in over a year. In his latest tests, Stockley added a sixth password meter, the very popular zxcvbn, which is used by Dropbox and WordPress. It deemed all five terrible passwords “very weak,” marking something of an improvement.

However, Stockley still remains highly critical of password meters that “muddy the waters with misleading or ambiguous terminology and colors,” and encouraged the use of two-factor authentication.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
This website is a goldmine if you love Mac menu bar apps
Discover hundreds of menu bar apps, from tiny utilities to powerful productivity tools, all in one place.
MacMenuBar website open on Mac

The menu bar is the most underrated part of macOS. It sits quietly at the top of your screen, and most people never do anything with it other than checking the time and battery percentage. But if you find the right apps, that thin strip becomes the fastest way to get things done on your Mac.

The problem is finding those apps. The Mac App Store is not great at surfacing them, and hunting through random blog lists is a chore. And while I have shared my favorite Mac utilities that include menu bar apps like Supercharge and CleanShot X, there’s an even better place to find the best apps for your Mac’s menu bar.

Read more
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more