I want to test my password strength, is there a program out there that can crack my password relatively quickly? I am familiar with BackTrack 5, but I usually use it to test WEP password strength. I use a webmail provider and I have my username displayed on my website, which is my email address for my company. Is it possible that with that little information (my email address) someone can brute force crack my password? If so what software would they use?
-
3Post your password here, and we'll tell you if its good :P – CodesInChaos Jul 27 '12 at 07:41
3 Answers
I would recommend that you not actually attempt to crack your password.
Especially not via the web interface! Many systems will detect brute force attempts and you could get into trouble for that.
It's not even necessary to try to brute force the password offline, just count its entropy and make sure that's high enough for your needs.
As xce said, do not try and brute force it. Various reasons why:
- your provider may detect it as an attack and you could be breaching your contract, or even breaching computer misuse laws where you are
- you don't know what delays they have built in, so you may actually stand no chance brute forcing even a simple password
- brute forcing is really only useful if you have a local copy of the hash, or are brute forcing multiple accounts at once - otherwise it is too slow, too noisy and generally not useful
You can find out the entropy of your password pretty easily - various tools will tell you (but avoid the online tools, and avoid using your real password)
I would advise reading this question and its answers for a good summary of password strength.
- 61,474
- 12
- 117
- 321
In response to the above, while attempting to hack your own password is never advisable some of the most secure passwords require at least of each of the following:
1) One Capital Letter 2) One lower case letter 3) One digit, e.g., any from 0 - 9; 4) One Special Character, which can include "*; @; $; and so on.
All of these should be used together, but you can use them in any order and any combination you wish so long as you remember the password you created. Of course, for sites requiring a minimum six character password, use 1 - 2 of each, again, in pretty much any combination you choose, so long as you don't forget the password you created.
Also, try to remember to change the password about every 7 - 10 days, again using the same format as above, but try not to duplicate any of the character from your previous password, as you may, depending on the site, get an error message asking you to think of a new password.
- 1