Password Strength Meter (1)

https://www.my1login.com/resources/password-strength-test/

Is it actually safe to use Password Checkers?

If you’re reading this section, then good – the quickest way to get hacked online is to be too trusting or assume websites are automatically safe. It’s good to be cautious and it’s never a good idea to enter your legitimate credentials into any website you are not confident about. The ones to watch especially are those who ask you to input your credentials.

So, why is this Password Strength Meter safe?

The passwords you type never leave your browser and we don’t store them (You can disconnect your internet connection and then try it if you wish)
All the checking is done on the page you’re on, not on our servers
Even if the password was sent to us, we wouldn’t actually know who you were anyway – so couldn’t match it up to any usernames or any websites you may visit
We’re in the business of making people more secure online and the last thing we want to see is passwords being transmitted across the internet insecurely.

How does My1Login's Password Strength Checker work?

The password strength calculator uses a variety of techniques to check how strong a password is. It uses common password dictionaries, regular dictionaries, first name and last name dictionaries and others. It also performs substitution attacks on these common words and names, replacing letters with numbers and symbols – for example it’ll replace A’s with 4’s and @’s, E’s with 3’s, I’s with 1’s and !’s and many more. Substitution is very typical by people who think they’re making passwords stronger – hackers know this though so it’s one of the first things hacking software uses to crack a password
The password strength meter checks for sequences of characters being used such as "12345" or "67890"
It even checks for proximity of characters on the keyboard such as "qwert" or "asdf".

Common mistakes and misconceptions

Replacing letters with digits and symbols. This technique is well known to hackers so swapping an "E" for a "3" or a "5" for a "$" doesn't make you much more secure
That meeting the minimum requirements for a password makes it strong. By today's standards, an 8-character password won't make you very secure
That it’s fine to use the same password a lot as long as it’s strong – what if the website is hacked? Do you know how the website stores your password? What if they store it in plaintext?

Guilty

Weak practices – storing passwords in the notes field on your phone, does it auto sync to the cloud, iCloud or Dropbox
Putting them in a spreadsheet, even password protecting a spreadsheet doesn’t keep the information safe. Check out our blog on this and other security subjects.