A really interesting read over at One Mans entitled “How I’d crack your weak passwords“. The article outlines how he’d go about cracking weak passwords, which involves making some educated guesses which in 20% of cases actually succeed. If they don’t he resorts to brute force attacks.The attacks can vary in the amount of time they take to crack a password, with the time increasing depending on the strength of the password. Here’s a table that demonstrates this, and should illustrate why its a good idea to use strong passwords:
People are generally very bad at selecting strong passwords, the OneMan provides a some tips on how you can go about selecting a strong password. One tool that he recommends and that I have used in the past is Microsofts Password Strength Tester. Another tool is Google’s password checker, which is driven by a URL request that returns an integer in the range 1 – 4, where 4 means Strong and 1 means very weak, for example, the password “123456” returns 1 denoting its very weak:
It’s relatively simple to integrate Google’s solution into your own web applications, however I should point out that the company does not provide any official branding or user interface, and im not sure how long they will continue to provide it.