If you spend any part of your day in front of a screen, be it for gaming, work, or just browsing the web, then you probably have multiple username and password logins.
Upon choosing a password you would have been confronted with a little bar showing how “secure” your password is.
Only have letters? Adding a few numbers, symbols, or even a few extra characters will bump that red bar straight up to bright green and you can carry on with your day knowing that your login details are perfectly secure.
Except these password strength meters actually promote “piss-poor passwords”, according to a new report by The Register.
This follows a study by Compound Eye developer Mark Stockley, who confirmed that you can’t trust such meters.
“The passwords I used in the test are all, deliberately, absolutely dreadful. They’re chosen from a list of the 10,000 most common passwords and have characteristics I thought the password strength meters might overrate.”
The basis for his argument is that the meters rate character complexity but fail to identify combinations that can be guessed outright, such as popular passwords or those based on clichés.
Several password strength meters considered “abc123”, “trustno1”, “ncc1701” (the registration number of the USS Enterprise), “iloveyou!” and “primetime21” acceptable.
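To make the failure concrete, here is an added example (not code from the article, from Stockley's test, or from any of the meters he tested) that puts a naive character-class meter beside a guessability check. The blocklist it uses is a constructed handful of entries, including the passwords named above; a real deployment would load the full list of the 10,000 most common passwords or a larger breach corpus. The function names and the scoring thresholds are assumptions chosen for the demonstration.

```python
import string

# Constructed sample blocklist: the passwords the article names plus a few
# well-known relatives. Stand-in for a real common-password list.
COMMON_PASSWORDS = {
    "abc123", "trustno1", "ncc1701", "iloveyou!", "primetime21",
    "password", "123456", "qwerty", "letmein",
}


def complexity_score(password: str) -> int:
    """Naive meter of the kind the article criticises.

    One point per character class present (lower, upper, digit, symbol)
    plus one for length >= 8. It never asks whether the string is guessable.
    """
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(classes) + (1 if len(password) >= 8 else 0)


def normalize(password: str) -> str:
    """Undo the cosmetic tweaks a complexity meter rewards: case, and
    digits or symbols tacked on at the end of a dictionary word."""
    return password.lower().rstrip(string.digits + string.punctuation)


# Base words behind the blocklist entries, e.g. "trustno" from "trustno1".
# Very short stems are dropped so "ncc" or "abc" do not flag unrelated input.
COMMON_BASES = {
    normalize(p) for p in COMMON_PASSWORDS if len(normalize(p)) >= 4
}


def is_guessable(password: str) -> bool:
    """True if the password is a known common password, or a common
    password with case changed or digits/symbols appended."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return True
    return normalize(password) in COMMON_BASES


def rate(password: str) -> dict:
    """Combine both views. The verdict rejects anything guessable
    regardless of how the complexity meter rated it."""
    score = complexity_score(password)
    complexity = "strong" if score >= 3 else "fair" if score == 2 else "weak"
    guessable = is_guessable(password)
    return {
        "complexity": complexity,
        "guessable": guessable,
        "verdict": "reject" if guessable or score < 2 else "accept",
    }


if __name__ == "__main__":
    for pw in ["abc123", "trustno1", "ncc1701", "iloveyou!", "primetime21",
               "Trustno1!", "ILoveYou!!", "xq7!Lmv2zp"]:
        print(f"{pw:12} {rate(pw)}")
```

Running it shows the gap the article describes: "trustno1", "iloveyou!" and "primetime21" all score "strong" on the complexity meter, and capitalising or appending a symbol ("Trustno1!") pushes the score even higher, yet every one of them is rejected once the check is phrased as "could this be guessed outright?" rather than "how many character classes does it contain?".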
Even Microsoft believes that password strength meters should be binned.