views:

123

answers:

5

Hi all

I have to write a program that will test the strength of our team's password after they have chosen.

I need to write a program that will email them and tell them to choose a better password.

Are there any lists available, legal of course, that I can use to do this?

+3  A: 

There is a jQuery plugin that will show you password strength. The link also tells you the algorithm it uses (so you could implement it server-side if you want.)

DanSingerman
I don’t like tests of such kind: A word of thousand characters of `a` is considered as bad.
Gumbo
So modify the algorithm it uses so it takes password length into account. Simple. Personally though, I'd consider a 1000 character password bad too: You'd *have* to store any non-trivial password of that length somewhere outside your brain's memory, hence negating the benefit of having it.
Matthew Scharley
@Matthew Scharley: I just wanted to show that most algorithms just look for some properties (character classes and so on). But the most important property, the length, is just considered as a minor factor.
Gumbo
+5  A: 

You ask for lists so I'm guessing you're fine with the programming but are seeking wordlists/dictionaries to use?

To begin, if you have access to a UNIX/Linux/MacOS box there is a list in /usr/dict/words or /usr/share/dict/words.

A list of common passwords is at http://www.openwall.com/passwords/wordlists/password.lst

Also, check here for a large collection of wordlists - http://www.net-comber.com/wordurls.html

However, a list alone isn't sufficient, you'll want to check for words being reversed, repeated letters/numbers, etc etc.

DavidMWilliams
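As an added example (not code from any poster on this page), here is one way to check a chosen password against a wordlist while also catching reversed words, repeated characters and repeated units. The sample wordlist is constructed, and the function names `build_index`, `candidates` and `weak_reasons` are hypothetical.

```python
import re

# Constructed sample list. In practice pass an open file instead, e.g.
# build_index(open("/usr/share/dict/words")) or a common-password list.
SAMPLE_WORDS = ["password", "letmein", "dragon", "monkey", "qwerty", "welcome"]

def collapse(s):
    """Squeeze runs of one character: 'dragoooon' -> 'dragon'."""
    return re.sub(r"(.)\1+", r"\1", s)

def build_index(lines, min_len=4):
    """Map each word, and its run-collapsed form, back to the listed word."""
    index = {}
    for line in lines:
        w = line.strip().lower()
        if len(w) >= min_len:
            index[w] = w
            index.setdefault(collapse(w), w)  # lets 'passsword' find 'password'
    return index

def candidates(password):
    """Yield (label, form) pairs for simple disguises of a dictionary word."""
    p = password.lower()
    yield "as typed", p
    yield "reversed", p[::-1]
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)  # drop leading/trailing digits, symbols
    yield "with leading/trailing digits and symbols stripped", core
    yield "stripped and reversed", core[::-1]
    yield "with repeated characters collapsed", collapse(core)
    unit = re.fullmatch(r"(.+?)\1+", core)  # whole string is one unit repeated
    if unit:
        yield "as a repeated unit", unit.group(1)

def weak_reasons(password, index):
    """Return human-readable reasons the password is weak; empty list if none found."""
    reasons, seen = [], set()
    if len(set(password.lower())) <= 2:
        reasons.append("uses at most two distinct characters")
    for label, form in candidates(password):
        word = index.get(form)
        if word and word not in seen:  # report each listed word once
            seen.add(word)
            reasons.append(f"'{word}' {label}")
    return reasons

if __name__ == "__main__":
    idx = build_index(SAMPLE_WORDS)
    for pw in ["Password1", "nogard!", "passsword", "monkeymonkey", "vT9#kq2LmZx"]:
        print(pw, "->", weak_reasons(pw, idx) or "no match")
```

Run the check at the moment the password is chosen or changed, while the plaintext is in hand, so the program never needs to store or recover it afterwards.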
+3  A: 

A slightly different (or simpler?) approach may be to measure the password strength based on the diversity of characters used.

For example award one point if:

  • Password has at least one lower case letter
  • Password has at least one upper case letter
  • Password has at least one number
  • Password has at least one special symbol
  • Password is at least 6 characters long

Now you have password strength on the scale of 0 to 5....

Hemant
A: 

Would it not be better to devise a set of guidelines or requirements (must contain letters, numbers, symbols and must be over 8 characters long and not be your username) or similar? This way you can test against those requirements and remove the ability for people to choose weak passwords such as dictionary words and short strings.

Splash
A: 

Thanks, but if I wanted to do it with a list, where should I look?

http://stackoverflow.com/questions/1327690/testing-common-passwords/1327706#1327706
DavidMWilliams
Be patient! And edit your question or use the comments function instead of adding an answer to your question.
Gumbo