Welcome to OWASP
Do Passwords Better
Because passwords can be less annoying

How Does Passfault Work?

Password Patterns:

Passfault identifies patterns in a password, then calculates the number of passwords that could exist in those patterns. This is the measurement of password complexity. It is more academic and much more accurate than existing password analysis tools.

How do you make your passwords?:

Suppose a hacker knew how you made your passwords. Would that extra knowledge help crack your password? Suppose you picked the first letter of every word from a long sentence. Suppose you have a 35-character password built this way. This would take decades to crack, but Facebook ranks it as "weak". Why? Because it doesn't have numbers or special characters. However, if you pick a common word and append a number and a special character, such as "cracked1!", Facebook ranks the password as strong. This pattern could be cracked in less than one day on an average computer.

Time to crack:

The size of a password pattern determines how many passwords a hacker would have to try to guess your password. To put this metric in perspective, Passfault estimates the "time to crack" (calculated from pattern size, type of password protection, and an estimate of cracking hardware). The power of this measurement comes from its simplicity. It is easy to understand. It clearly communicates the risk that a password poses to the individual and to an organization.
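The pattern-size and time-to-crack idea described above, as an added sketch that is not Passfault's own code. The word list, the dictionary size, the guess rate, and the 35-letter sample password are all assumptions made for illustration.

```python
import string

# Assumptions (not taken from Passfault):
WORDS = {"cracked", "password", "dragon"}  # constructed stand-in for a word list
DICT_SIZE = 100_000                        # assumed size of a real dictionary
GUESSES_PER_SEC = 1e9                      # assumed hardware and password protection

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
SPECIAL_SIZE = len(string.punctuation)     # 32 printable ASCII symbols

# Constructed sample: 35 lowercase initials taken from a long sentence.
SENTENCE_INITIALS = "wtpotusiotfampuejidtipftcdpftgwasto"


def char_size(ch):
    """Number of candidates for one character treated as random in its class."""
    for chars in CLASSES:
        if ch in chars:
            return len(chars)
    return SPECIAL_SIZE


def pattern_size(password):
    """Smallest number of passwords sharing this password's pattern.

    Every split of the password into dictionary words and single random
    characters is one candidate pattern; its size is the product of the
    segment sizes. Dynamic programming keeps the cheapest split, because
    that is the pattern an informed attacker would search first.
    """
    n = len(password)
    best = [0] * (n + 1)
    best[n] = 1
    for i in range(n - 1, -1, -1):
        best[i] = char_size(password[i]) * best[i + 1]  # random character
        for j in range(i + 1, n + 1):
            if password[i:j] in WORDS:                  # dictionary word
                best[i] = min(best[i], DICT_SIZE * best[j])
    return best[0]


def seconds_to_crack(password, guesses_per_sec=GUESSES_PER_SEC):
    """Time to try every password in the pattern at the assumed guess rate."""
    return pattern_size(password) / guesses_per_sec


if __name__ == "__main__":
    for pw in ("cracked1!", SENTENCE_INITIALS):
        print(f"{pw!r}: size={pattern_size(pw):.3e}, "
              f"seconds={seconds_to_crack(pw):.3e}")
```

Treating each sentence initial as a uniformly random letter overstates that pattern's size, since real sentences favour some letters, so read the second figure as an upper bound.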

Continue reading to learn about intuitive and powerful password policies