Securing your passwords is always a headache!
Researchers at Carnegie Mellon University and the University of Chicago have developed a new password tester that aims to teach people how to make their passwords stronger.
It's often said, but it's really important to secure your accounts in an age where passwords are easier than ever to crack. While passwords can be bypassed in some cases, it's still important to have strong passwords to protect yourself against brute force attacks, which is when hackers try to guess your password over and over again until they succeed.
This password tester aims to encourage people to use better passwords by explaining why their passwords are weak and providing suggestions for improving them.
The idea behind this tool is not entirely new and many websites give you feedback on the strength of your password. For example on Google, with the password "byothe2017":
Although defined by Google as "High", the security level of this password is quite weak when tested with the new tool.
The tester says: "Don't use words from Wikipedia", "Avoid dates"... and suggests adding capital letters in the middle of the word. Finally, he suggests a much more secure variant that includes capital letters, special characters and mixes letters: by}2017oThe.
If I use the worst password of 2016, the result is clear, it is very very weak:
On the other hand, if I use a password generator With all parameters set to the strongest, the password "8At3#x73@*DCs9Gm#d" gets a good score, but the tool still takes the opportunity to give some advice such as using this password only for a single account.
The tester uses a neural network system to scan a large database of existing passwords and identify trends. It then checks the password entered by the user against this database to test whether it is a word that can be guessed in the event of an attack.
For example, if you change “Es” to “3s” in your password, this will not fool hackers. The tester will explain how common this substitution is and provide advice on what to do instead,
explains Blase Ur, lead author of the study.
Researchers found that providing explanatory feedback made a huge difference in security compared to labeling passwords as weak or strong. You can try the demo of this tool here.
Article updated on January 5, 2025 by Byothe
