Ryan
Posted May 25, 2016

Two issues with the password audit:

1) It's way too forgiving, here is an example: it rates the password "weak" as "very weak" (great, it is), "veryweak" as "good" (what? this would fall to a dictionary attack in seconds!)

2) No options in the password audit to find so-called "good" passwords. Every password I had in my library after importing from my old password manager was rated "good" or better. Some of them (since changed), I'm ashamed to admit, were very bad passwords (as evidenced by them being what Enpass calls "good"), and I would have liked to have been able to do a search for these as well rather than just scrub through them manually.

Vinod Kumar
Posted May 26, 2016

Hi @Ryan,

Thanks for sharing your thoughts. Our current password strength meter was designed primarily for our password generator only. It is entirely based on entropy calculation. Unfortunately it doesn't check for dictionary words because it is very highly unlikely that our password generator will generate a dictionary-based password. However, we do check for the 10000 most commonly used passwords and mark them very weak.

The good news is that a better password strength meter inspired by dropbox-zxcvbn is currently in the primary stage of development. I would also like to share that a new password generator (with Diceware for pronounceable passwords) is ready to be rolled out for all supported platforms soon.

Xinamo
Posted August 16, 2016

On 26. 5. 2016 at 2:08 PM, Vinod Kumar said:
> Hi @Ryan, Thanks for sharing your thoughts. Our current password strength meter was designed primarily for our password generator only. It is entirely based on entropy calculation. Unfortunately it doesn't check for dictionary words because it is very highly unlikely that our password generator will generate a dictionary-based password. However, we do check for the 10000 most commonly used passwords and mark them very weak. The good news is that a better password strength meter inspired by dropbox-zxcvbn is currently in the primary stage of development. I would also like to share that a new password generator (with Diceware for pronounceable passwords) is ready to be rolled out for all supported platforms soon.

Hi, it's been a while and there is no sign of an update to the password strength meter. I don't think that "123456123456123456" is a "super" strong password - according to your meter it is.

Vinod Kumar
Posted August 16, 2016

Hi @Xinamo,

The upcoming version 5.4 is planned to have a better password strength meter (dropbox-zxcvbn based).
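
Added example, not written by anyone in this thread and not Enpass's or zxcvbn's code: a sketch of why a meter based only on character-pool entropy overrates "veryweak" and "123456123456123456", next to a simplified pattern-aware estimate. The `length * log2(pool)` formula, the tiny word and common-password lists, and `LIST_SIZE` are assumptions made for illustration.

```python
import math
import string

# Constructed stand-ins for real lists; LIST_SIZE is an assumed attacker list size.
WORDS = {"very", "weak", "good", "password"}
COMMON = {"123456", "password", "qwerty"}
LIST_SIZE = 10_000
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)

def naive_entropy_bits(pw):
    """length * log2(pool): only valid for uniformly random characters."""
    pool = sum(len(p) for p in POOLS if any(c in p for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def repeated_unit(pw):
    """Shortest block whose repetition yields pw (pw itself if none)."""
    for n in range(1, len(pw) // 2 + 1):
        if len(pw) % n == 0 and pw[:n] * (len(pw) // n) == pw:
            return pw[:n]
    return pw

def word_count(s):
    """Fewest WORDS entries that concatenate to s, or None."""
    best = [0] + [None] * len(s)
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in WORDS:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def pattern_aware_bits(pw):
    """Cost of guessing pw as list entries and repeats, capped by the naive value."""
    if not pw:
        return 0.0
    unit = repeated_unit(pw)
    words = word_count(unit.lower())
    if unit.lower() in COMMON:
        base = math.log2(LIST_SIZE)
    elif words:
        base = words * math.log2(LIST_SIZE)
    else:
        base = naive_entropy_bits(unit)
    return min(naive_entropy_bits(pw), base + math.log2(len(pw) // len(unit)))

if __name__ == "__main__":
    for pw in ("veryweak", "123456123456123456", "q7#Lx2!vRz"):
        print(f"{pw!r}: naive {naive_entropy_bits(pw):.1f} bits, "
              f"pattern-aware {pattern_aware_bits(pw):.1f} bits")
```

A password with no list hit and no repetition, such as the constructed "q7#Lx2!vRz", gets the same value from both functions, which is why a pool-entropy meter is adequate for generator output but not for human-chosen passwords.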