Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.3: Use a password analyzer to improve password security Apps
If you try to change the password for a Keychain using the Keychain Access app, you'll notice on the resulting dialog box a circular button with an 'i' in it, as seen in the inset in the screenshot. If you click on it, Panther will display the Password Assistant panel (the remainder of the screenshot), which will advise you on the content of your password.

[robg adds: The advisor is pretty intelligent. If you use your name, it tells you. It checks words in the dictionary. It checks variations on words. If more people used tools like this, we've have less hacking ... he writes as he goes to work on his personal 13.1 password security score!]
    •    
  • Currently 1.90 / 5
  You rated: 2 / 5 (10 votes cast)
 
[33,316 views]  

10.3: Use a password analyzer to improve password security | 17 comments | Create New Account
Click here to return to the '10.3: Use a password analyzer to improve password security' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Use a password analyzer to improve password security
Authored by: TvE on Oct 30, '03 05:09:57AM

HA - one of my projects' admin passwords got a 79.2!!!

Cute little feature.



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: mewyn on Oct 30, '03 07:33:27AM

13? Iesh :). My normal password I use on my system right now, which is about time for changing scores about 56, and my root password for my server is up in the 130s range.

Remember, your security is as strong as it's weakest link, so make that link strong.



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: network23 on Oct 30, '03 11:03:10AM

Interesting. I typed in a 43-character string to test. Even though the score was 180.9, I still had a warning flag, because I used one instance of "1212", that my password was too simplistic or systematic.

---
Live and Direct, only from
Network 23



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: demmons65 on Oct 30, '03 08:13:23AM
My login password came in at 59.1. My root password came in at 83. I'm going to try a password generator and see what some of their combos produce. I have a feeling that it won't get much better unless I got a much longer one.

Download PassGenX here.

(I have no affiliation with the author other than being an enthusiastic user of it.)

---
--
d a v e


[ Reply to This | # ]

And don't forget RPG...
Authored by: jiclark on Oct 30, '03 10:36:57AM
...found here. It seems like a very capable random password generator, and is free! Reviewers at VT like it too (for what that's worth).

---


[ Reply to This | # ]

10.3: Use a password analyzer to improve password security
Authored by: aranor on Oct 30, '03 08:28:29PM

Nifty. I got a 76.5 with my password.

Here's a puzzle. I used to use the password 'blargh' for a few things that I didn't care about (I've since changed the password on all those). I typed that in and it said it was based on a reversed dictionary word. Any idea what word it things hgralb is based on?!?



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: Usr bin Login on Nov 03, '03 10:53:59PM
VERY interesting - it flags my favorite throwaway 'p455w0rd' with "this is based on a dictionary word."

---
--------


QA implies some sort of quality to begin with.

[ Reply to This | # ]

Why is this buried?
Authored by: natecook on Nov 04, '03 01:23:41AM

Seems like a useful thing to teach people how to create good passwords... Why did they bury it in this app that people rarely use? Seems to me like it'd make sense in the system prefs.



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: papermaker on Nov 05, '03 07:18:13AM

I am set. The 29 character password I have been using on an encrypted disk image for the past year or so scores a 190.5 with no flags. Now all I need is for FileVault to work with specific folders instead of the whole Home folder.



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: brainsik on Nov 17, '03 03:01:33PM

Some comments how this doesn't really help protect against hacking.

1. Most hacks are really code exploits (such as buffer overflows). This is how all the worms of recent fame get around. No matter how good the password on a system, if you can exploit running code, you don't need to know it.

2. If you use your password in the clear (meaning, non-encrypted), such as a non-SSL webpage (like this one) or non-SSL IMAP/POP connection (as most are), then any computer in the path or on the same network as computer in the path between yours and the destination can read it.

Really, a good password is protecting you against stray eyes seeing what you've typed. It's very uncommon to try an brute force guess someones password.



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: robophilosopher on Oct 09, '04 11:27:32AM

I feel as though you need a qualifier here. "It's very uncommon to try and brute force guess someones password." Not so much; this is one of the most common attacks; it's just not tried very frequently, or against people who have halfway decent IQs. But I'm sure you've heard as many stories as I about people with "hello" as admin passwords. I'm not saying that password guessing is the most common *successful* attack, but I believe it is an incredibly common attempted attack. Don't ignore other security issues because you have a good password, but if you have a bad password, it's the thing to change before hardening the rest of your system, I think. (Immediately before.)



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: Wicked123 on Feb 08, '04 09:51:58AM

Is this gone with 10.3.2 and Safari 1.2? The keychain app has been changed, and I am not able to find the password assistant.

Any help is appreciated.



[ Reply to This | # ]
Password Assistant
Authored by: sjk on Feb 08, '04 03:07:48PM

Run Keychain Access application.
Select "Change Password for Keychain "name"..." from the Edit menu.
Click the round italic 'i' button to bring up the Password Assistant window.



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: dzurn on Sep 27, '04 09:36:02AM

I thought it was gone as well. But then I realized that it was asking to unlock the keychain before it could get to the password-change dialog.

Just unlock your keychain as usual, and then you'll get to the password assistant dialog. Nice tool!

---
Madness takes its toll.
Please have exact change.



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: powerbookg3user0 on Oct 05, '04 01:48:47AM
What I did was "email address is my address" and i got a 253.7! Looks like spaces impact it a lot...

---
Takumi Murayama

[ Reply to This | # ]

10.3: Use a password analyzer to improve password security
Authored by: cupbeempty on Oct 05, '04 11:33:27PM

Yeah try entering a phrase (like my most secure one) and you end up with something like 395.4

'this is a secure password' garners a 171.4 with no flags... but somehow does not seem so secure



[ Reply to This | # ]
10.3: Use a password analyzer to improve password security
Authored by: boredzo on Jan 01, '05 06:53:12AM

this Password Assistant is used by both Keychain Access and the Disk Images UI Helper (which is used by hdiutil and Disk Utility, and whose Password Assistant button appears when you create an encrypted disk image).

after a bit of rummaging around, I figured out how to access the Password Assistant, and wrote a small application that uses it.

so now you don't need to fire up Keychain Access to test a password. ☺



[ Reply to This | # ]