0

He is the president of the USA, and known all across the globe. With the USA going to elections in 2020, should donaldtrump2020 be considered a strong password, as I found out upon checking with some online password checker? It stated that this is a strong password with no sequential numbers/symbols/alphabets etc.

Shouldn't there be a process that checks for well-known terms/phrases/names/events as well?

Is there an online utility that would tell if a password:

  1. Does not contain alphabets/numbers/symbols in sequence. Ex. abc 456 @#$
  2. Does not contain phrases/well-known celebrities/countries/places.
  3. Does not contain mathematical/chemical/physics formulae.
Anders
ksalf
  • 4
    Your question seems to imply that everybody (?) treats this as a strong password. But there is not even a generally accepted and universal metric for password strength which is applicable to all situations so it is unclear what kind of feedback you expect here. – Steffen Ullrich Apr 10 '19 at 00:29
  • @SteffenUllrich - Sir, I was suggested a site to check if passwords are strong, I went there, found it cool, but upon entering this, I thought I should come here and ask. Should I delete this question? – ksalf Apr 10 '19 at 00:32
  • @SteffenUllrich: Sir, I was given charge for checking if passwords are strong enough. Could you please suggest how do I ascertain if a password is strong/weak? – ksalf Apr 10 '19 at 00:34
  • 3
    *"I was suggested a site to check if passwords are strong"* - You don't mention any site you've used but instead made a generalized statement which somehow implies that everyone would treat this password as strong. The actual strength of a password depends on what the attacker knows about the user and the user's environment since these factors might be used to narrow down useful phrases in the password. A strong password is only a randomly generated one since it does not rely on such context - but of course it is harder to remember. – Steffen Ullrich Apr 10 '19 at 00:37
  • *"Could you please suggest how do I ascertain if a password is strong/weak?"* - that's a different question than the one in your main question. Please don't ask new questions in a comment but ask a new question. – Steffen Ullrich Apr 10 '19 at 00:43
  • @SteffenUllrich : Sir, if I name the site here, it might be an insult to them if they are wrong, that's why I am not naming them...although, the tag and a word in my question identifies that site. – ksalf Apr 10 '19 at 00:43
  • The problem is not that you fail to name the site but that you don't mention at all that your statement applies only to a specific (unnamed) online password checker. This way you make a generalized statement which somehow implies that there is a universal method to measure password strength and that everybody is using this method. – Steffen Ullrich Apr 10 '19 at 00:46
  • You are still implying some common metric although the problem you have applies only to a specific password checker. If you used another one you might get widely different results - for me [this one](https://password.kaspersky.com/) gives "There are widely used combinations" and that it will probably be cracked on a home computer in 3 months. – Steffen Ullrich Apr 10 '19 at 01:09
  • @SteffenUllrich: Sir, I checked on other password checkers and they too stated different results. I guess every password checker would display different results. – ksalf Apr 10 '19 at 01:17
  • 3
    Possible duplicate of [How reliable is a password strength checker?](https://security.stackexchange.com/questions/2687/how-reliable-is-a-password-strength-checker) I realize you are asking a slightly different question than the one linked, but I believe the answers to that question will help you better understand the shortcomings of some password strength meters. – PwdRsch Apr 10 '19 at 02:31
  • @SteffenUllrich: Thanks for your support, Sir. I learnt how to post a question properly from you, posted one in stackoverflow, got an answer too, and I am not suspended, and that 'suspension' notice is not coming over anymore when I go to post a new question...YAAAAYYYYY!!!!! – ksalf Apr 10 '19 at 16:25

1 Answer

3

Often online password checkers aren't comparing the given password against popular terms or phrases. This is because this would require having a dictionary of all relevant permutations of said term/phrase and having a complete one isn't feasible in most situations. Often the only metric for the strength is the entropy of the password, and that has been well covered, so I won't add to it.

embasa
  • 1
    It should be noted that "entropy" is a very loose term. Some password checkers consider `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` to be a very secure password, because of its length. Realistically, it's probably not. More often than not, they check the length and how many characters from distinct sets (uppercase, lowercase, digits and ascii symbols) they find and then take that to the power of the length. –  Apr 10 '19 at 07:20
  • 2
    @MechMK1 "entropy" is not a loose term. How different calculators calculate it will differ from calculator to calculator. – schroeder Apr 10 '19 at 08:16
  • @schroeder I meant that online password checkers don't actually attempt to measure the entropy of the password, but rather just check how big the keyspace is. I hope this comment clarifies that. –  Apr 10 '19 at 08:36
  • Thanks for answering, Sir. Is there any online password checker that would eliminate check for popular phrases? I have edited my question, please see it. – ksalf Apr 10 '19 at 16:02
  • 2
    @ksalf https://www.my1login.com/resources/password-strength-test/ actually flags 'donaldtrump2020' as very weak due to being a common password. Enjoy. – Monica Apologists Get Out Apr 10 '19 at 19:50
  • 1
    @Adonalsium: Thank you very much, madam. – ksalf Apr 10 '19 at 20:27
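
The keyspace-only scoring described in the answer and in the first comment under it, set beside a pattern-aware estimate that discounts known terms, years and repeated characters. This is an added example, not code from the thread or from any checker named in it; the wordlist, the assumed 100,000-entry dictionary size and all function names are constructed for illustration.

```python
import math
import re
import string

# Constructed sample wordlist (assumption). A real checker would load leaked
# passwords, names, places and phrases; WORDLIST_SIZE stands in for its size.
TERMS = sorted(["donald", "trump", "password", "president", "qwerty"],
               key=len, reverse=True)
WORDLIST_SIZE = 100_000            # assumed size of the attacker's dictionary
YEAR = re.compile(r"(19|20)\d\d")  # 200 plausible years
RUN = re.compile(r"(.)\1{2,}")     # same character three or more times

def charset_size(pw):
    """Alphabet size implied by the character classes present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def keyspace_bits(pw):
    """Keyspace-only meter: log2(charset_size ** length)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def pattern_aware_bits(pw):
    """Charge each token what it costs an attacker who tries patterns first."""
    per_char = math.log2(charset_size(pw) or 1)
    bits, i = 0.0, 0
    while i < len(pw):
        word = next((w for w in TERMS if pw[i:i + len(w)].lower() == w), None)
        year, run = YEAR.match(pw, i), RUN.match(pw, i)
        if word:      # dictionary hit: one pick from the wordlist
            bits, i = bits + math.log2(WORDLIST_SIZE), i + len(word)
        elif year:    # one pick from 200 years
            bits, i = bits + math.log2(200), i + 4
        elif run:     # one character plus how many times it repeats
            n = len(run.group())
            bits, i = bits + per_char + math.log2(n), i + n
        else:         # unexplained character: full keyspace cost
            bits, i = bits + per_char, i + 1
    return bits

if __name__ == "__main__":
    for pw in ("donaldtrump2020", "a" * 30, "k7#Vq9!xTz2m"):
        print(f"{pw!r}: keyspace {keyspace_bits(pw):.1f} bits, "
              f"pattern-aware {pattern_aware_bits(pw):.1f} bits")
```

Only the randomly generated sample keeps its keyspace score under the pattern-aware estimate; the other two lose most of theirs.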