password security

[The Little Guy]

Anyone have any Ideas what to search for in a password to check to tell a user how secure there password is?

[pocobueno1388]

The longer, the better

Having a mix of numbers and digits is better

 

Hmmm, that is all I can think of for now. That is the obvious though, haha.

 

[The Little Guy]

here is what I have so far:

http://tzfiles.com/testing/chkpass.php

 

100 is supposed to be perfect or 100% Secure... What do you think?

[per1os]

Your best defense is only allowing a user to enter a password 3 times before it locks them out for 30 minutes.

 

Either way generally 8-12 characters with a mixture of upper/lower numbers and at least 1 special character IE:

 

m0unT4inM4N!

 

Would take a long time to break.

[dough boy]

I would assign more "weight" to symbols and numbers.  Every character I typed in after 4 earned just 10 "points"

[The Little Guy]

Done, Just the numbers... How would I do symbols???

 

This is how I did numbers:

<?php
$pasa = str_split($pas);
foreach($pasa as $let){
if(preg_match("~^[0-9]$~",$let)){
	$secure += 20;
}
}
?>

[Daniel0]

100 is supposed to be perfect or 100% Secure... What do you think?

 

Technically you cannot have a 100% secure password. It is just a matter of time and computational power before it can be cracked.

 

You could start with a basic score, then add points to the score based the the following things:

- length

- contains a-z?

- contains A-Z?

- contains 0-9?

- contains special characters (all other than a-zA-Z0-9)?

- contains words in a dictionary (deduct points)?

- contains reversed words in a dictionary (deduct points)?

- contains patterns on keyboard - e.g. qwerty (deduct points)?

[monk.e.boy]

Why bother? It's not your problem.

 

If you end up telling someone their password is 100% amazing, then it is cracked 20 minutes later, can they sue you for one million US bucks?

 

It's up to the user to type in something secure. What they type is nothing to do with you.

 

monk.e.boy