Robert Crane posted this link which is a website that you can enter a password into and it will give you a guide as to how long it will take for a single computer to crack your password using brute force attempts. The more complex and longer the password, the longer it will take to crack it. Now it’s a great idea in principle to have a site like this to help elevate the awareness to our customers that their “secret password” of Monday is in fact not all that secure.
Here’s the potential downside though… and I’m not making insinuations against the authors of this particular site, but how easy would it be to have the site track the IPs of it’s visitors and the passwords they try out. Then that information could potentially later be used in an attack against those IPs with the passwords that were tried. I wonder how many systems administrators thought it would be good to try out their admin passwords on this website without giving a 2nd thought to the fact that there could be something more concerning going on under the covers? Whats more… I wonder how many of them would admit to it?
Be careful people… not everything may be as it seems 🙂
Ken Shafer says
Excellent points Wayne. In fact, Trend Micro considers the site dangerous enough to block access to it.
Wayne Small says
Indeed it is now Ken – thanks for that – was not aware of it! 🙂