How Secure is my Password is a very simple yet interesting website. Enter your password or one you’re thinking of using and it will tell you how good your password is and how long it would take to crack.
Most 4 letter profanities are within the 500 most common passwords and can be cracked almost instantly:
However using my phone number and date of birth as a password proves more challenging:
Ooops did I just tell the whole Internets world my password? 
Uh, not a good idea.…
Don’t forget that you’re going to have to remember and then type out your password all the time. The chance that some random person is going to try to hack your password is actually really small. As a percentage it hardly happens to anyone. It is much more likely that you write down your unwieldy password on paper and lose it, or even worse stick it on a post-it to your computer or even to your bank card (yes, people do this).
I mean think about it, the number of actual hackers out there is very small, and hopefully none of them have a real reason to target you. The people who you have to protect against are drunk friends, people who find your bank card or other info if you lose it, people who don’t like you on Facebook, people who steal your laptop. The likelihood is that these people are just regular computer users like you and do not have hacking programs or skils and are probably going to spend 5 minutes guessing your password, if that, and then give up. So realistically as long as the password isn’t your name, username, telephone number, employer or something directly connected to you like that, it probably won’t be guessed. Much, much less likely than information theft caused by you being careless and doing things like leaving your email or online banking logged in on a public computer or one that you are not present at.
And how do you know that the “How secure is your password” site doesn’t steal passwords that you type into it?
why?
Well I put one in, (not one of my actual ones that is) and it apparently would take 5 million years to figure it out.
Be careful, if you test a password, don’t give a password normally used, because when you test it, you are also automatically sending you IP Address! And who are the people that had created the site, are they good or did they created it so they can receive a list with all the ip addresses and passwords linked? Something to thing about!
yeah anyone that puts their actual password(s) on the site wouldn’t be overly swift.
It looks pretty safe; if you read their FAQ about safety http://howsecureismypassword.net/faq/#safe — it works even offline and they provide the source code too XD
mine is 633 million years
Let’s say what this guys might do with your passwords.…they might create the list and either sale it or use it. Most of you must know one way to crack is “dictionary attack” which basically means going through the list of passwords one by one. Where would you compile better list than site like this??
@Kerahna: Yeah, but if they were doing something illegal with the passwords, they wouldn’t say so in their FAQ, right? I mean unless someone with actual advanced coding skills audits (or hacks, hah) their site, no one knows if the source code is even the code it really uses, let alone whether or not they abide by the policies they claim to.
So I entered a password “WoRd123!@#” and it states 17 thousand years… as I matter of fact it took my Desktop PC less than 15 minutes to crack using only a roughly 50MB rainbow table.
They base it on symbols / character lengths… no good at all.
no NOT enter any info into this site if you plan to use or are using any of those passwords… got a security warning from the site…
If you guys were reading instead of being paranoid you might have clicked the “is it safe?” button and read up on it before badmouthing an otherwise helpful website. Here is what it says:
“Is This Safe?
It is actually. I’m not harvesting passwords into an evil database. Of course that’s exactly the sort of thing I would say if I were harvesting them. And it wouldn’t be hard to do it: a couple of lines of code and I’d have all your passwords. Mwuhahahahahaa! But, to be honest, I don’t know what I’d do with them. Make a cake perhaps.
The bit of code that does the calculations is done in JavaScript. And JavaScript is a “client-side” language. That means it runs on your computer – not on ours. No data ever travels from your computer back to the website. You can check this by loading up the webpage and then turning off your internet connection. You’ll still be able to use the website to your heart’s content.
However, for the super-paranoid among you, you could just type in something a bit like your password rather than your actual password. In fact, that’s probably a good idea anyway. Just in case I’m lying.”
So you can stop freaking out and breathe.
I think this posting should be taken down.
Unless Boo can guarantee without a doubt the safety of the site.
I agree with Bytown. Many who aren’t internet savvy could very easily be led astray with a posting such as this, if it wasn’t legitimate. It is reminiscent of spam which asks you to confirm your bank account passwords. Scout may have faith in Boo, but this may not be the same Radley that left precious gifts in a tree. It might be cynical, but my policy regarding online material: assume it’s a scam.
“It would take
About 39 billion years
for a desktop PC to crack your password”
I didn’t use my real password, but one along the same lines. Cool site!
hmm… 100 sextillion years for one that I may use (but don’t). While I use strong passwords I’d have to say this was WILDLY inaccurate!
I tend to agree with other comments, do NOT use a password that you actually use.
252 days for Bu115h1 (I’ll leave the last letter to your imagination but it comes just after s in the alphabet).
Again, wildly inaccurate. This would take probably less than 5 minutes.
It’s all irrelevant anyway. All of your important passwords (e.g. online banking) are protected — after 3 tries or 5 tries or whatever they lock your account, so brute-force hacking is completely useless. It’s just a load of FUD.