Welcome to OWASP
Do Passwords Better
Because passwords can be less annoying

Powerful Policies

Passfault Policies

The following example shows how to configure a password policy with passfault. Just slide the bar.

No passwords permitted that can be cracked in less than 1 day
Password pattern size: 1 Hundred
When cracking passwords with
... and passwords are protected using


Imagine configuring a password policy based on the time to crack. As an administrator, you specify the strength of your organization's passwords. It is as easy as moving a slider bar. As you move the slider bar higher, the time to crack increases for your entire organization. You know exactly the risk passwords pose to your organization.

Inaccurate and Unintuitive Policies

Now consider the alternatives. Instead of setting the strength of passwords as a policy, the alternatives check only properties that may or may not increase password strength. As an administrator, consider the usual policy options:

These restrictions do not indicate password strength. As an example, consider this password pattern: press all the keys under your hand in a row, "4567", then hold shift and do it again, "$%^&", then move your hand down and repeat, "rtyuRTYU". The result is a 16-character password that satisfies most policies. Passfault recognizes the four horizontal keyboard patterns, each with a size of 296, easily cracked, and only detected by passfault.
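The keyboard-walk password above, checked against both kinds of policy in an added Python sketch that is not Passfault's code. It assumes a US QWERTY layout, a typical composition rule set, a constructed guess rate of 10^9 per second, and that pattern sizes multiply; the 296 figure and the 1-day threshold come from the page.

```python
# Added example (not Passfault's code): composition rules vs. a time-to-crack policy.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]     # US QWERTY, unshifted
SHIFTED = ["!@#$%^&*()", "QWERTYUIOP", "ASDFGHJKL:", "ZXCVBNM<>?"]  # same keys with Shift held

PATTERN_SIZE = 296          # size per horizontal keyboard pattern, as quoted on the page
GUESSES_PER_SECOND = 1e9    # assumption: constructed attacker guess rate
POLICY_SECONDS = 24 * 3600  # policy from the slider: reject anything cracked in under 1 day


def key_position(ch):
    """Return (row, column) of the key that types ch, or None if it is not on these rows."""
    for layer in (ROWS, SHIFTED):
        for r, row in enumerate(layer):
            c = row.find(ch)
            if c >= 0:
                return (r, c)
    return None


def horizontal_runs(pw, min_len=3):
    """Maximal left-to-right runs of adjacent keys on one row, at least min_len long."""
    runs, start = [], 0
    for i in range(1, len(pw) + 1):
        prev = key_position(pw[i - 1])
        cur = key_position(pw[i]) if i < len(pw) else None
        adjacent = (prev is not None and cur is not None
                    and cur[0] == prev[0] and cur[1] == prev[1] + 1)
        if not adjacent:
            if i - start >= min_len:
                runs.append(pw[start:i])
            start = i
    return runs


def meets_composition_rules(pw):
    """Typical rules (assumed): length >= 8, lower, upper, digit and symbol all present."""
    return (len(pw) >= 8 and any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw))


def seconds_to_crack(pw):
    """Time to exhaust the pattern space, or None if runs do not explain the whole password."""
    runs = horizontal_runs(pw)
    if not runs or sum(len(r) for r in runs) != len(pw):
        return None
    # Assumption: independent patterns multiply, so n runs give PATTERN_SIZE ** n candidates.
    return PATTERN_SIZE ** len(runs) / GUESSES_PER_SECOND


if __name__ == "__main__":
    pw = "4567$%^&rtyuRTYU"  # the keyboard-walk password from the text
    print(horizontal_runs(pw), meets_composition_rules(pw), seconds_to_crack(pw))
```

The password passes every composition rule, yet its four patterns give 296^4 candidates, which at the assumed guess rate is exhausted in seconds, far below the 1-day policy threshold.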

Test your password strength with passfault