Password checker programs and password strength.


Password checkers are great programs to use to find out just how complex your password is. Just a year ago (in 2010), a password such as |ocrian7 (which I show in my A+ Exam Cram 6th edition) was considered “strong”. Now, it’s considered to be “weak” in many password programs. It’s an inevitable sign of the times. Password cracking programs and the computers that run them become more and more powerful as time goes on. Therefore, stronger passwords are required to keep your computing sessions and data secure.

As a basic example, an eight character password with uppercase letters, numerals, and special characters should probably be upgraded to a ten character password or more. Actually, I have been recommending 15 character complex passwords for several years now. (Imagine the looks I get from the average user… 🙁 ) There are several reasons why I select 15 as my number (I delve into this in my books), but as time goes on, even that number might not be enough.

Some organizations such as banks are already implementing (or at least planning) end-user multifactor authentication schemes such as password/smart card combinations. In general, the physical card (like a key to a door) can be a more effective form of security, but the smart card requires hardware, software, and additional cost. Regardless of the drawbacks to the average user, it’s my opinion that in the near future we will see many PCs, laptops, and mobile devices equipped with multifactor authentication schemes including either a smart card option or biometric function. These will be used not only for authentication, but also to encrypt user sessions. Of course, professionals use these types of systems already, but they are not commonplace in the home or small office.

The Password Meter shows |ocrian7 as a “good” password, where in the past it was considered by that website to be “strong”. To make that password “strong”, we could simply capitalize the ‘o’ or any other letter. But a “very strong” password would require more characters and more complexity. For example, the password Th1sV#ryS3cure is considered by the Password Meter to be a 100% “very strong” password. Of course, it shouldn’t be in reality because I use it in my books, and I don’t recommend you use that password; it is for evaluation purposes only.

_______________________________________

Update (June 2017): 5 years later, another good tool for password checking is https://password.kaspersky.com/. For the same password shown above, Th1sV#ryS3cure, it reports that an average home computer could brute force the password in 7 years, and that the Conficker botnet could do it in 3 hours.

This shows you how computers have progressed in 5 years and, consequently, how much weaker a password becomes over time.
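To make the length and time arguments above concrete, here is an added example (not from the original post, and not how Password Meter or the Kaspersky checker score passwords) that estimates the worst-case exhaustive-search time for the two passwords discussed and the minimum length needed to hold out for a target number of years. The guess rates are assumptions chosen for illustration, not measurements of any real hardware.

```python
import string

SECONDS_PER_YEAR = 31_557_600  # 365.25 days

# Assumed guess rates in guesses per second (constructed for illustration).
ASSUMED_RATES = {"slow": 10**6, "fast": 10**9, "very fast": 10**12}

def charset_size(password):
    """Alphabet size an exhaustive search must cover, by character class used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size

def keyspace(password):
    """Number of candidates of the same length over the same alphabet."""
    return charset_size(password) ** len(password)

def worst_case_seconds(password, guesses_per_second):
    # Upper bound only: word-based passwords with character substitutions
    # fall to dictionary and pattern guessing long before this.
    return keyspace(password) // guesses_per_second

def min_length(charset, guesses_per_second, years):
    """Shortest length whose full keyspace outlasts `years` at the given rate."""
    target = guesses_per_second * years * SECONDS_PER_YEAR
    n = 1
    while charset ** n < target:
        n += 1
    return n

def report(passwords):
    """One row per (password, assumed rate) with the worst-case time in years."""
    rows = []
    for pw in passwords:
        for label, rate in ASSUMED_RATES.items():
            years = worst_case_seconds(pw, rate) / SECONDS_PER_YEAR
            rows.append((pw, len(pw), charset_size(pw), label, years))
    return rows

if __name__ == "__main__":
    for pw, n, cs, label, years in report(["|ocrian7", "Th1sV#ryS3cure"]):
        print(f"{pw!r:18} len={n:2} charset={cs:2} {label:10} {years:.3g} years")
    print("min length, 94 symbols, 100 years at 10**12/s:", min_length(94, 10**12, 100))
```

Each thousandfold increase in guess rate costs roughly one and a half extra characters over a 94-symbol alphabet, which is why a fixed length that looked strong stops being strong as hardware improves.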