Skip to main content
  1. Home
  2. Computing
  3. News

Web consultant says meters don’t measure true strength of passwords

By

We’ve all gone through the process of trying to sign up for a website, only to be told our password isn’t strong enough. But these password strength meters may not be all they’re cracked up to be and may be only giving the illusion of security.

According to Mark Stockley, founder of web consultancy Compound Eye, these meters don’t actually measure strength at all. Stockley tested five different password meters, first in March 2015 and then 18 months later. He says none of them improved during that time.

Recommended Videos

Writing for Sophos, he explained that password meters only attempt to measure how long it would take to crack the password. A meter on the website typically suggests you use a long password with uppercase and lowercase characters and symbols like question marks and exclamation points.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, HBO Max, and more

“A strong password is one that is highly resistant to attempts to crack it with online or offline dictionary attacks,” he said. “The only good way to measure the strength of a password is to try and crack it — a serious and seriously time-consuming business that requires specialist software and expensive hardware.”

As part of his tests, Stockley ran five passwords that he deemed terrible through the meters. If the meters were up to par, they would reject them. The five passwords were “abc123,” “trustno1,” “ncc1701,” “primetime21,” and “iloveyou!” More often than not, the passwords passed the meter with some getting a “good” or “normal” result.

To further corroborate his findings, Stockley was able to crack these five passwords with the open source tool John the Ripper, making it clear that the passwords weren’t cut out for securing your accounts.

So nothing had improved in over a year. In his latest tests, Stockley added a sixth password meter, the very popular zxcvbn, which is used by Dropbox and WordPress. It deemed all five terrible passwords “very weak,” marking something of an improvement.

However, Stockley still remains highly critical of password meters that “muddy the waters with misleading or ambiguous terminology and colors,” and encouraged the use of two-factor authentication.

Jonathan Keane
Jonathan Keane
Former Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Topics

Editors’ Recommendations

The robot takeover comes another step closer — at Amazon
An Amazon robot working inside one of the company's warehouses.

Amazon is close to having more robots operating inside its warehouses than humans after the e-commerce giant announced this week that it now has more than a million robots working at its facilities around the world.

Over the years, Amazon has spent billions of dollars on the development and deployment of warehouse-based robots, which handle an array of tasks once performed by human workers.

Read more
This Lenovo ThinkPad laptop is over $1,400 off — hurry while stocks last!
The Lenovo ThinkPad T14 Gen 5 Intel laptop on a white background.

Now's an excellent time to take advantage of laptop deals from Lenovo, which has slashed the prices of a wide range of devices for its Black Friday in July sale. Lenovo's ThinkPad laptops are up to 45% off, and here's one of the most interesting offers available with such a discount — the Lenovo ThinkPad T14 Gen 5 at $1,440 off its estimated value of $3,199, so you'll only have to pay $1,759. That's an excellent price for this fantastic productivity tool, but you're going to have to push forward with your purchase as soon as possible because stocks may run out at any moment.

BUY NOW

Read more
Early Prime Day deal: Samsung’s 27-inch Odyssey G3 at its annual low price
Samsung Odyssey G3 gaming monitor on desk with keyboard and headset.

If you're ready to upgrade your monitor, this Samsung deal over at Amazon just might be your best bet. The 27-inch version of Samsung's Odyssey G3 is $130 right now, a full $100 off its regular $230 price and its lowest price of the year. It's a part of early Prime Day deals and a good sampling of what we can expect for the shopping holiday, which officially lands on July 8th. Tap the button below to see it for yourself or keep reading to see why we like this deal and why this should be your next monitor.

Buy Now

Read more