Find out how secure your passwords are

15 June 2010

How Secure is my Password is a very simple website, but there's no doubt some clever number-crunching going on behind the scenes. Enter a current password, or one you're planning to use, and the site tells you how vulnerable the password is:

Bitterwallet - How secure is my password?

Most four letter profanities fall within the top 500 most-common passwords that could be cracked straight away. However, a combination of my date of birth followed by my home phone number proves rather more challenging.

Bitterwallet - How secure is my password?
Except I've now just told the whole intermaweb. Balls. A help page on choosing strong passwords goes on to detail how brute force attacks and dictionary attacks can give hackers access to your account; a Pentium 100 PC might typically be able to try 200,000 combinations every second, meaning a six character password containing just upper and lower case characters could be guessed in only 27½ hours.

TOPICS:   Privacy   Technology

25 comments

  • mo
    26 days :(
  • mo
    HOW SECURE IS MY PASSWORD? It would take About 1,609,824 nonillion years for a desktop PC to crack your password
  • Emma
    Website is registered to... Small Hadron Collider !!
  • Morocco
    417 years. Bang on
  • Morocco
    It would take About 1,609,824 nonillion years for a desktop PC to crack your password... I got this too, just by entering some numbers, some punctuation and some letters. Hmmm. Is it lying or is that the biggest number it can come up with?
  • ScottC
    Er..... Probably somewhat less secure after you enter the password into a public website where they can collate the passwords entered at their leisure...!
  • Russ
    What a great website, enter all common passwords and collate them to a database... thats useful data!!!!
  • David
    This is not a very helpful way to look at it. Password length is only one aspect. The password "abcdefghijklm" is not going to take 7,000 years to crack as the website says. There are no "safe" passwords. Supercomputers available today can crack anything you're likely to use as a password. It's best to treat most online info as visible to all.
  • parpparp
    I will be glad to check your passwords for you sirs. Kindly send them to [email protected]
  • Dirty F.
    The website is probably stealing all your passwords as you type them in!
  • Grammar N.
    'About 565,892,495,532 nonillion years' is a high as I could get it to go. =P
  • F. F.
    19 sextillion years.... thats also my password
  • Umbongo C.
    wtf still uses a pentium 100 to crack passwords? it's no longer 1996. if you want to crack passwords, just setup a website like this one, or facespace or twatter and let people type them in for you
  • ButterMan
    I like the predictability of the first thing you try being a load of 'four letter words'.. My password is the same one the Druidians use to secure their air supply against Lord Dark Helmet.
  • Nobby
    They reckon monkeybollocks would take 204,000 years, but as it is based on two words I reckon it would be faster. It's 93 billion years for bitterwallet=twats. They recommend not just adding a number eg apple1. Yet apple1 takes the same time to crack as app1le and a1pple. So their algorithm doesn't take this into account. And appleapple takes as long as applegrape - again they don't check for repeat words.
  • Paulo M.
    It would take About 3 days for a desktop PC to crack your password
  • paynowbuylater
    if you put your entire password in as a single letter over and over noone will ever get it! the website told me!
  • The B.
    Hold on now, that's just by brute force attacking a site, how about this from 2 years ago: http://www.datacenterknowledge.com/archives/2008/12/30/playstation-cluster-busts-md5-ssl-certs/
  • Ted S.
    Password cracking? Shit cracking more like. (Shitcracking takes 302 years to crack)
  • tin
    WTF IS DIS REAL? = 90 billion years. It's safe
  • Smith
    For all those saying that the site harvests passwords...you're WRONG. Look at the source code for the site. You're not actually SENDING any data over the Interwebz. It just uses JavaScript and runs locally on your computer (client-side). In fact, if you go on the website so it loads up, disconnect your internet and try various passwords and you'll see it still works.
  • wombat
    @Smith - Thanks for that - mind you we're all so paranoid I still didn't type in my actual passwords. As has been pointed out all data you enter on the internet and any account should be treated as if anyone can access it... My old Paypal password is supposedly strong "It would take About 24 quadrillion years for a desktop PC to crack your password" - that didn't stop those sneaky Chinese using my account to buy 500 euros of services from Skype Australia during their hack fest the other year....
  • Test
    You guys realise that keyloggers and phishing scams are a far more efficient (and hence popular) method of obtaining passwords, right?
  • Mr G.
    Nobody cracks passwords by brute force and nobody (but a Linux hobbyist) still uses a Pentium 100. So what exactly was the point again?
  • Shopdis F.
    @Smith - BULLSHIT. Source code for server applications are never available through the source of a client. You will never know if this is storing your passwords to a database or not.

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment