Password Strength Checker

by Cliff Hatch on February 4, 2009

I remember running a security audit against one of our domains when I was in the military. We ran some utilities against the domain controllers and put together a list of the user’s passwords, and then used them in a presentation about security for the users. They were shocked when we put up the list. Here’s a list of 500 of the most common passwords (*Caution, some of these are obscene*)- if you see any of your passwords here immediately change them. They’re well known and the hackers start with this list. If you didn’t see your list and would like to check a password, try this password checker.

{ 4 comments… read them below or add one }

Eddie February 20, 2009 at 10:23 pm

Oh man, I have to change my password now… Wow.

Maximillian Hill March 27, 2009 at 7:37 am

Although it’s safe in this case, it’d suck if the password checker logged your passwords and used a cookie exploit to guess which websites to try your password on. I wouldn’t go putting my password in on a random site.

Cliff March 27, 2009 at 11:14 am

Excellent point Maximillian, probably be better still to check one password and use another- ie check the strength for a 10 character password using an uppercase, lowercase, number and special character, then develop your own unique version for actual use. I’ve had pretty good luck with Roboform, which can generate and remember them for you. The free version lets you keep up to ten passwords, the pro version is unlimited. Given we maintain several hundred passwords, most of which are changed every 90 days or less, it’s pretty handy.

Mark June 11, 2009 at 1:29 pm

Thanks, I changed my passwords too!

Leave a Comment

Previous post:

Next post: