Despite the thousands of warnings telling us not to use the same password for every site, most of us use the same password, or a variation of that password on most websites
for the simple reason that multiple passwords are hard to remember. Since this practice is unlikely to change, the one password we do use must be a strong one.
One of the most interesting places to test a password's strength is howsecureismypassword.net. The process is easy: type in your password, and the site tells how much time it would take for a PC to calculate your password in a normal, brute-force attack where characters are generated randomly until the password is found.
Keep in mind that if you are using a single word as a password, the site's determination is inaccurate, since most likely a hacker will use a dictionary-based attack before a brute-force attack, meaning your serendipity will be found in seconds. Moral of the story: if you are using a one word password with no numbers added to it, find a new password. Quickly.
Another site that tests password strength is passwordmeter.com. Passwords are scored based on how many unique characters they use.
This rubric considers using a mixture of uppercase letters, lowercase letters, numbers and symbols the best way to thwart hackers. However, not all websites allow special characters like & and @, and many are not case sensitive.
Testyourpassword.com is one of the most useful of the ways to test passwords. Besides rating the strength of a password based on much of the same criteria as the other tests, Testyourpassword.com generates random passwords based on criteria you provide.
Once the password is generated, the strength tester rates it. Obviously, if the generated password is not strong, you should make corrections to the password until it is.
We tested the same password at each of these sites, with differing results. All of the testers agree, though: variation is key. Use at least an uppercase letter, a lowercase letter, special character and number in your password—and make it more than 8 characters long.
This Tech Tip is brought to you by the Business and Technology Section ... IT solutions for today's CPAs. For more information and to view an archive of previous Tech Tips, please visit us here.
Do you have specific topics you would like to see covered in Tech Tips? Email any suggestions to firstname.lastname@example.org.
LAST UPDATED 8/10/2010