From Very Weak to Very Strong: Analyzing Password-Strength Meters
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
We analyze password-strength meters from 11 highly popular web services by reverse-engineering their functionality, and testing them against nearly 4 million passwords from common dictionaries. Our results provide prominent characteristics of these meters, and show severe inconsistencies in strength outcomes that may confuse users in choosing a stronger password.