
How strong is your urban password?

Eh. Mine rates "medium", but, well... when I was a student in the AI department, they used to run the latest password crackers on everyone and send out humiliating emails saying "we cracked your password, change it n00b" to anyone falling foul. I never got one, and I take the same attitude to creating passwords now. I'm not going to randomly generate a 32-byte string or anything.
 
Eh. Mine rates "medium", but, well... when I was a student in the AI department, they used to run the latest password crackers on everyone and send out humiliating emails saying "we cracked your password, change it n00b" to anyone falling foul. I never got one, and I take the same attitude to creating passwords now. I'm not going to randomly generate a 32-byte string or anything.
Fersackaly. If it ain't in a dictionary, you're ahead of 95% of the general population.
 
Hmm. A checker that rates A111111111111! as "Best" and b1x7b5c9m1z8n5c6n3d8y3w7t2a0k6v6m3d7h3r7h4s4h2x6l1 as "Medium".

(CluelessCuntBill! also scores a "Best")
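The two ratings above are what you get from a checker that only counts character classes and length. As an added illustration (not the thread's or the Microsoft page's own code; the function names and thresholds are my own), here is that naive scheme next to an estimate that collapses repeated characters and short repeated patterns first, which is why "A111111111111!" drops to "weak" while the long alternating string stays "strong":

```javascript
// Added example: naive class-count scoring versus a repetition-aware estimate.

// Naive score (0..6): one point per character class, plus two length bonuses.
function naiveClassScore(pw) {
  let score = 0;
  if (/[a-z]/.test(pw)) score++;
  if (/[A-Z]/.test(pw)) score++;
  if (/[0-9]/.test(pw)) score++;
  if (/[^A-Za-z0-9]/.test(pw)) score++;
  if (pw.length >= 8) score++;
  if (pw.length >= 14) score++;
  return score;
}

// Collapse runs of a repeated 1..4 character pattern to a single copy:
// "1111111" -> "1", "4545454545454545" -> "45".
function collapseRepeats(pw) {
  let out = pw;
  for (let n = 1; n <= 4; n++) {
    const re = new RegExp(`(.{${n}})\\1+`, 'g');
    out = out.replace(re, '$1');
  }
  return out;
}

// Rough entropy in bits: alphabet size from the classes actually used,
// times the length that remains after repeats are collapsed.
function estimateBits(pw) {
  let alphabet = 0;
  if (/[a-z]/.test(pw)) alphabet += 26;
  if (/[A-Z]/.test(pw)) alphabet += 26;
  if (/[0-9]/.test(pw)) alphabet += 10;
  if (/[^A-Za-z0-9]/.test(pw)) alphabet += 33; // printable ASCII punctuation
  if (alphabet === 0) return 0;
  return Math.round(collapseRepeats(pw).length * Math.log2(alphabet));
}

// Thresholds are assumed for this example, not taken from any real checker.
function rating(bits) {
  if (bits < 28) return 'weak';
  if (bits < 50) return 'medium';
  return 'strong';
}
```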
 
mine is weak but no one has ever guessed it before cos it's not a real word. :) My other passwords are medium but they are alphanumeric enough for my liking so microsoft can fuck off. :)
 
Apart from the sheer improbability of them actually following the link back to these boards, and then on to this specific thread (afaik the tracking link wouldn't take them that deep anyway), there's no way of them knowing the user names of all those who tried the test, only those who posted here.

So they'd have quite a task going through 40,000 user names to, err, be able to post up under someone else's name on a bulletin board. What a prize!
Way To Go HacKrZ!

Hmm. I don't know about your server, but my apache logs retain the referring URL complete with the thread reference and a time stamp of when they clicked on the link.

[sample from last November]

70.55.52.5 - - [10/Nov/2007:02:52:53 +0000] "GET /gallery2/d/68220-4/200711_0871.jpg HTTP/1.1" 200 105369 "http://www.urban75.net/vbulletin/showthread.php?p=6708631" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9"

Bonus points for the IP address of the computer where that link was clicked and the browser and OS it's running.

Like I said, assuming someone comes back to report within a couple of minutes of trying the test, then it narrows the field down to just a very few users if you've captured their password during the check.

Some people have even posted that they use the same password for the login on their computer. Hijack the forum account and you've got their email address and a good clue to what their email password is and quite a few other uses.

Just pointing out that the password doesn't stand on its own. There's lots of other information surrounding it.
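To make the point in the post above concrete, here is an added example (not from the thread) that parses an Apache "combined" log line and pulls the referring thread's post id out of the Referer field; the function names are my own, and the sample line is constructed with a documentation IP address in the same shape as the one quoted above.

```javascript
// Added example: what a site operator can recover from one combined-format log line.

// Apache "combined" format: ip ident user [timestamp] "request" status bytes "referer" "user-agent"
const COMBINED = /^(\S+) (\S+) (\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/;

function parseCombinedLine(line) {
  const m = COMBINED.exec(line);
  if (!m) return null; // not a combined-format line
  const [, ip, , user, timestamp, request, status, bytes, referer, agent] = m;
  const [method, path, proto] = request.split(' ');
  return {
    ip, user, timestamp, method, path, proto,
    status: Number(status),
    bytes: bytes === '-' ? 0 : Number(bytes),
    referer, agent,
  };
}

// The vBulletin thread link carries the post id as ?p=...; return it, or null
// when the referer is absent ("-") or not a URL.
function refererPostId(referer) {
  try {
    return new URL(referer).searchParams.get('p');
  } catch {
    return null;
  }
}

// Constructed sample line (RFC 5737 documentation address, not a real visitor).
const SAMPLE = '203.0.113.7 - - [10/Nov/2007:02:52:53 +0000] '
  + '"GET /gallery2/d/68220-4/200711_0871.jpg HTTP/1.1" 200 105369 '
  + '"http://www.urban75.net/vbulletin/showthread.php?p=6708631" '
  + '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9"';

function summarise(line) {
  const rec = parseCombinedLine(line);
  if (!rec) return null;
  return { ip: rec.ip, when: rec.timestamp, post: refererPostId(rec.referer), agent: rec.agent };
}
```

Correlating `when` and `post` with who posted in the thread around that time is the narrowing-down the post describes.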
 
"best"

but then I am a bit anal about password strength.


*fond memories of running L0phtcrack on a bank's NT4 domain flood back*
 
Like I said, assuming someone comes back to report within a couple of minutes of trying the test, then it narrows the field down to just a very few users if you've captured their password during the check.
But that only applies to those people who have inputted their passwords and posted on the thread to say so. And assuming they actually posted in their real password.

Assuming that Microsoft has got someone sitting there desperately waiting to capture the passwords of people posting on a non commercial bulletin board, of course.

I'd say if they were that bothered it would be a damn sight easier to run the usual password hacking tools.
 
The page uses javascript to assess the password, so it runs entirely on your own computer (if what they say on the page is true anyway), no information is passed to them.

I'm pretty sure if you "sniff" the traffic, you'll find that it's not sending any of your passwords.
 
I remember seeing this piece on't telly saying if you find it difficult to remember passwords then have one 'base' password, and add different things to it depending on what you use it for.

So, if I'm being cunning, my base password might be lolcat, but for my computer it might be detectivelolcat (as in PC lolcat), for my amazon account it might be amazinglolcat - so things that you will remember and associate with that website etc.

You could split the name of whatever site it is and sandwich your base password in the middle. So amazon password becomes amalolcatzon, ebay becomes eblolcatay, urban becomes urlolcatban (lol) - and so on. The trick is to be consistent.

I think it's a very good system to use.

However, I'm made of fail and most of my passwords are incredibly weak. Either that or I use the same really strong one for everything :o
 
The page uses javascript to assess the password, so it runs entirely on your own computer (if what they say on the page is true anyway), no information is passed to them.

I'm pretty sure if you "sniff" the traffic, you'll find that it's not sending any of your passwords.


will run a sniffer tomorrow and see
 
Yep. TBH, I seriously doubt that anyone at Microsoft is doing anything like that and I'm not suggesting that that is the case here and now.

The URL looks genuine enough and I'm tempted to believe their assurances that no data passes back to their servers without trawling through the code or sniffing my network.

How can I put this? One needs to assess each case on its merits and be aware that it could be used maliciously if things were different. If a similar link were posted on an eBay discussion board or blog, I'd be far more wary, for example.
 
The page uses javascript to assess the password, so it runs entirely on your own computer (if what they say on the page is true anyway), no information is passed to them.
I took a look at the source code and there didn't seem to be anything iffy going on.
One needs to assess each case on its merits and be aware that it could be used maliciously if things were different.
Sure. But if the password testing app was on something like ur-security-appz.info or bank-in-nigeria.com I wouldn't have posted it up here.

Edit: typing the same two characters (e.g. 4545454545454545 etc) keeps the result at 'low' no matter how many times you repeat it.
 
hey editor maybe you can require the password to be at least 10 alpha-numeric characters with a forced change every 30 days? :D :) :hmm:

Pointless unless the site switches to using SSL as well. And a secure password is one that's remembered, not one that has to be scribbled down every 30 days.
 
Never, ever use words in the dictionary. Can be found very quickly...

Nope: never, ever use one word from the dictionary.

And use a different dictionary if you can - if your password is two Finnish words joined with a punctuation mark, it won't matter if you say it out loud while you type it, 'cos no-one around you will be able to spell it. (Offer does not apply in Finland.)
 