C_Volume2 Security #80967

Password Security

Parses the password field and comes back with a percentage of how secure your password is against a hack attempt.


Source code
<h2>Password Security</h2>
<p class=MsoNormal>Many of you have encountered the dreadful rules placed on
password security. Some sites just go too far with constraints. Take this one
for example:</p>
<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>Letters
   and numbers only</li>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>Nothing
   may repeat</li>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>8
   characters minimum</li>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>1
   number minimum</li>
</ul>
<p class=MsoNormal>Although there are some tough constraints here, some extra
security measures, such as special characters, are not even allowed. Also, the
8-character minimum makes this especially hard. Most people keep to a common
set of passwords, or “keys”. Upon further investigation, many of these keys
are similar: the original password with a number changed, an extra word added,
and so on. When a user is not allowed to use one of their keys, or to craft
one that is similar, a little anger begins to stew. You may have seen the type
of emails my clients have received in the past from individuals in this
predicament.</p>
<p class=MsoNormal>My approach is to let the user enter their password, but
also let them see how it holds up. The percentage of security that must be met
can be adjusted. Chances are, your visitors may even know that their password
isn’t all that great and are not worried about security, only about being able
to log in.</p>
<p class=MsoNormal>The system that I have created gives a rating from 0 to 100
percent. I recommend requiring users to obtain at least 50% if you are
concerned about accounts being compromised by brute-force and dictionary
attacks.</p>
<p class=MsoNormal>The system is simple. Each rule gets a maximum of 20% of the
overall score. Here are the rules:</p>
<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l0 level1 lfo1;tab-stops:list .5in'>The
   length of the password should be around 8 characters or more. The password
   gets 2.5% for each character.</li>
 <li class=MsoNormal style='mso-list:l0 level1 lfo1;tab-stops:list .5in'>Numbers
   should be present in the password. 2 recommended, 3 for best results. Each
   number gets 6.67%.</li>
 <li class=MsoNormal style='mso-list:l0 level1 lfo1;tab-stops:list .5in'>There
   should be at least 8 characters that do not repeat next to each other.
   2.86% for each non-repeating character.</li>
 <li class=MsoNormal style='mso-list:l0 level1 lfo1;tab-stops:list .5in'>The
   user should use mixed case. 2 pairs minimum; 10% for each pair.</li>
 <li class=MsoNormal style='mso-list:l0 level1 lfo1;tab-stops:list .5in'>2
   special characters should be present, getting 10% for each character.</li>
</ul>
<p class=MsoNormal>As far as length goes, 8 characters is the minimum
recommended at most sites. However, this constraint dates back to the days of
bulletin board systems and is outdated. Length alone cannot prevent attacks,
but every character you add greatly increases your security. I chose to cap
this rule at eight characters. You can cap it at a greater number of
characters by lowering the percentage assigned to each character, so that the
rule still tops out at 20%.</p>
<p class=MsoNormal>Numbers are a bit of a problem. Many users, when required to
use numbers, will place them at the end of the password, in the middle of a
compound word, or at the beginning. This script does not check for this
placement, but it is a concern: the next level of a dictionary attack is to
append numbers to the end of each word. I ask for 3 numbers (20 / 3 = 6.7%
each) to keep people on their toes if they want to push security to the
max.</p>
<p class=MsoNormal>The repeating-character rule looks at eight characters. I
divide the 20% by seven because the seventh character is checked against the
eighth, which makes seven comparisons in total. A lot of sites that don’t like
repeating characters will not let even one character repeat. I believe this is
the equivalent of sticking your nose in the air at your visitors. To think that
a single repeat hinders security is misguided. This rule was originally meant
to thwart the famous “AAAAAAAA” passwords that people submit just to ignore the
whole idea of protecting their account. Imagine being denied the passwords
“7ddT82-?!!” or “U[]}}opW#”. Experts would tell you these passwords look
cryptic and are hard to crack; however, some sites would tell you they are
easily cracked just because one character repeats the one before it.</p>
<p class=MsoNormal>A fair amount of mixed case is recommended. Most users type
everything in lower-case letters. Those who do use uppercase usually
capitalize only the first letter. Those who use compound words (such as
doghouse) may also capitalize the first letter of the second word (House).
Although it may prove beneficial to check for these specific variations, most
web browsers lack a dictionary to compare compound words against.</p>
<p class=MsoNormal>The last rule is special characters. These are all
characters other than letters and numbers. Some people go as far as to exclude
periods, dashes, and spaces. However, my script counts these as special
characters.</p>
<p class=MsoNormal>In all, the minimum requirements for a 100% score are:</p>
<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l5 level1 lfo2;tab-stops:list .5in'>9-character
   password</li>
 <li class=MsoNormal style='mso-list:l5 level1 lfo2;tab-stops:list .5in'>3
   numbers</li>
 <li class=MsoNormal style='mso-list:l5 level1 lfo2;tab-stops:list .5in'>4
   letters (2 lower, 2 upper)</li>
 <li class=MsoNormal style='mso-list:l5 level1 lfo2;tab-stops:list .5in'>2
   special characters</li>
</ul>
<p class=MsoNormal>It is important to remember that 100% is not an absolute
necessity. Around 75% is a good start; however, most passwords that people
will try fall in the 50% to 60% range. Consider the following as 100% secure
on this scale. Remember, although they may contain patterns, brute force is
not likely to find them due to their complexity.</p>
<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l3 level1 lfo3;tab-stops:list .5in'>{a1A1A1a}</li>
 <li class=MsoNormal style='mso-list:l3 level1 lfo3;tab-stops:list .5in'>Abcd123+-</li>
 <li class=MsoNormal style='mso-list:l3 level1 lfo3;tab-stops:list .5in'>2}{loCK34</li>
</ul>
<p class=MsoNormal>Now, here are some examples of how my password script rates
some common passwords that people may use.</p>
<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l1 level1 lfo6;tab-stops:list .5in'>jbsesp
   – 29%</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo6;tab-stops:list .5in'>password
   – 47%</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo6;tab-stops:list .5in'>Cassandra
   – 50%</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo6;tab-stops:list .5in'>BillGates
   – 60%</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo6;tab-stops:list .5in'><a
   href="mailto:[email protected]">[email protected]</a> – 60%</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo6;tab-stops:list .5in'>Lewis283
   – 70%</li>
</ul>
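<p class=MsoNormal>The following JavaScript is an added reconstruction of the
five rules described above, not the author’s script (which is not reproduced on
this page); the per-rule caps, the 20/3 and 20/7 weights and the final rounding
are assumptions drawn from the stated percentages, and it reproduces the
jbsesp, Cassandra, BillGates and Lewis283 figures listed above.</p>

```javascript
// Added example: reconstruction of the five-rule password score. The exact
// arithmetic (caps, rounding) is assumed from the percentages in the article.

// Rule 1: length, 2.5% per character, capped at 8 characters (20%).
function lengthScore(pw) {
  return Math.min(pw.length, 8) * 2.5;
}

// Rule 2: digits, 20/3 = 6.67% each, capped at 3 digits (20%).
function digitScore(pw) {
  const digits = (pw.match(/[0-9]/g) || []).length;
  return Math.min(digits, 3) * (20 / 3);
}

// Rule 3: adjacent characters that differ. Characters 1..7 are each compared
// with the next one, so at most 7 comparisons count, 20/7 = 2.86% each.
function nonRepeatScore(pw) {
  let differing = 0;
  for (let i = 0; i + 1 < pw.length; i++) {
    if (pw[i] !== pw[i + 1]) differing++;
  }
  return Math.min(differing, 7) * (20 / 7);
}

// Rule 4: mixed case, 10% per upper/lower pair, capped at 2 pairs (20%).
function mixedCaseScore(pw) {
  const upper = (pw.match(/[A-Z]/g) || []).length;
  const lower = (pw.match(/[a-z]/g) || []).length;
  return Math.min(upper, lower, 2) * 10;
}

// Rule 5: special characters, i.e. anything that is not a letter or digit
// (periods, dashes and spaces included), 10% each, capped at 2 (20%).
function specialScore(pw) {
  const special = (pw.match(/[^A-Za-z0-9]/g) || []).length;
  return Math.min(special, 2) * 10;
}

// Overall 0..100 rating, rounded to a whole percent.
function passwordScore(pw) {
  return Math.round(
    lengthScore(pw) + digitScore(pw) + nonRepeatScore(pw) +
    mixedCaseScore(pw) + specialScore(pw)
  );
}

// Gate for a registration form: require at least the article's 50%.
function meetsMinimum(pw, threshold = 50) {
  return passwordScore(pw) >= threshold;
}
```

<p class=MsoNormal>Under this reading “password” scores 37 rather than the
47% listed above and “Abcd123+-” scores 90 (it has only one uppercase letter),
so the original script must differ in a detail the article does not state. The
score measures composition only, which is why “Abcd123+-” can score highly
despite its obvious keyboard pattern.</p>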
<p class=MsoNormal>I invite you to try your luck as well and see how secure a
password you can build. Tweak the code if the rules aren’t to your taste. If
you want to see more code or just find some information about me, visit my
website at <a href="http://www.lewismoten.com/">http://www.lewismoten.com</a></p>
Recovered from the Wayback Machine