Many Password Strength Meters Weak
Happy Security Sunday! I found this article the other day on Network World, pointing out studies on the dreaded ‘password strength indicators’ that many websites use to nudge folks into using stronger passwords (and generally annoy most everyone).
“Overall, password strength gateways are inconsistent, with some allowing all letters and others requiring different character sets to gain approval, the researchers found. That sends a mixed message to online users accessing many different websites.”
I agree with the article that the overall intention of the strength indicators is good, but for some the execution falls short, and there are significantly easier ways to keep your passwords secure.
I’ve long been a supporter of password managers such as KeePassX (available for Windows, Mac, and Linux; Free) as one of the best ways to keep your online accounts secure. A 20-character-long string of random letters, numbers and symbols is incredibly difficult to break, and password managers allow you to generate and keep track of them. In addition:
- you don’t need to have little pieces of paper lying around with all your passwords on them;
- they keep you protected from key-loggers;
- every account you have can have a different secure password;
- and you don’t have to remember them;
- honestly, you never have to see them: just copy and paste.
Easy to install, free, and super secure. If you haven’t, give it a try.
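
To make the quoted inconsistency and the 20-character figure concrete, here is an added example (not from the original post or the Network World article). Two hypothetical meters, one composition-based and one length-based, give opposite verdicts on the same constructed passwords, and a password drawn from the OS CSPRNG over an assumed 94-character printable ASCII alphabet carries about 131 bits of entropy.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII letters, digits and symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def composition_meter(pw):
    """Hypothetical meter A: 8+ characters and all four character classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    return "strong" if len(pw) >= 8 and all(classes) else "weak"

def length_meter(pw):
    """Hypothetical meter B: length only, so all-letter passwords pass."""
    return "strong" if len(pw) >= 12 else "weak"

def compare(pw):
    """Return both meters' verdicts for the same password."""
    return {"composition": composition_meter(pw), "length": length_meter(pw)}

if __name__ == "__main__":
    # Constructed samples: a predictable pattern and an all-lowercase string.
    for sample in ("Password1!", "qzvhmwtkrpxlbnfdjgsy"):
        print(sample, compare(sample))
    pw = generate_password()
    bits = random_entropy_bits(len(pw), len(ALPHABET))
    print(pw, compare(pw), f"{bits:.1f} bits")
```

The entropy figure only holds for passwords chosen uniformly at random, which is what a password manager's generator provides; neither meter can tell a random string from a predictable pattern that happens to satisfy its rule.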