Dropbox has a password strength estimator called zxcvbn that I like a lot. It estimates entropy in your password by looking for matches against dictionaries and leaked password lists. It's long bothered me when sites estimate password strength purely based on complexity. These sites say a password like "Password!1" is much more secure than one like "zbuwcramudbpvreorkno" (a score of 72% vs 21% respectively). I discuss this in more detail in my How to be secure online post.
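The gap between the two approaches can be seen in a small sketch, added here as an illustration and not taken from zxcvbn or from the sites mentioned above. The scoring weights, the five-word list, and the function names are assumptions, so the numbers differ from the 72% and 21% quoted; the dictionary step is a simplified stand-in for the matching idea, not zxcvbn's algorithm.

```javascript
// Added example. COMMON is a constructed five-word sample; real estimators
// use large frequency-ranked lists built from leaked passwords.
const COMMON = ["password", "123456", "qwerty", "letmein", "dragon"];

// Composition-rule meter (hypothetical scoring): 20 points per character
// class plus 2 per character up to 10. Predictability is never considered.
function compositionScore(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
  return Math.min(100, classes * 20 + Math.min(pw.length, 10) * 2);
}

// Bits needed to brute-force s: length * log2(size of the character pool).
function bruteForceBits(s) {
  let pool = 0;
  if (/[a-z]/.test(s)) pool += 26;
  if (/[A-Z]/.test(s)) pool += 26;
  if (/[0-9]/.test(s)) pool += 10;
  if (/[^A-Za-z0-9]/.test(s)) pool += 33;
  return s.length === 0 ? 0 : s.length * Math.log2(pool);
}

// Dictionary-aware estimate: the cheapest of pure brute force or
// "common word + brute-forced leftovers" for each word in the list.
function estimateBits(pw) {
  let best = bruteForceBits(pw);
  const lower = pw.toLowerCase();
  COMMON.forEach((word, rank) => {
    const at = lower.indexOf(word);
    if (at === -1) return;
    const asTyped = pw.slice(at, at + word.length);
    // log2(rank + 1) bits to reach the word, +1 bit if its case was varied.
    let bits = Math.log2(rank + 1) + (asTyped !== word ? 1 : 0);
    bits += bruteForceBits(pw.slice(0, at));
    bits += bruteForceBits(pw.slice(at + word.length));
    best = Math.min(best, bits);
  });
  return best;
}

for (const pw of ["Password!1", "zbuwcramudbpvreorkno"]) {
  console.log(pw, compositionScore(pw), estimateBits(pw).toFixed(1));
}
```

The composition meter ranks "Password!1" far above the 20-letter password, while the dictionary-aware estimate reverses the order by a wide margin.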
However, a while ago Dropbox changed their algorithm to favor length over resistance to dictionary attacks. There is some logic in their decision, but I really feel like something is lost by not having the old algorithm. So, I made a demo comparing the two so you can find passwords both algorithms agree are strong. At the same time, I finally hooked up this domain I bought a while ago to my GitHub Pages site.