Passfault – Do Passwords Better

Passfault is a tool to evaluate the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple.

When setting a password, Passfault examines the password, looking for common patterns. Passfault then measures the strength of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength.

This tool is useful for checking how hard a chosen password will be to crack, and it includes the following features:

  • Measures the size of password patterns and identifies more weak passwords, yet allows strong passwords that don’t match traditional password policies.
  • Provides detailed analysis of the password and sub patterns within the password, so users quickly learn how to make strong passwords without training.
  • Presents the password strength as the “time to crack” to help communicate the risk of poor passwords, providing the incentive to create stronger passwords.
  • Empowers administrators to know and control the strength and risk of the organization’s passwords.

Suppose a hacker knew how you made your passwords. Would that extra knowledge help crack your password? Suppose you picked the first letter of every word from a long sentence. Suppose you have a 35-character password built this way. This would take decades to crack, but Facebook ranks it as “weak”. Why? Because it doesn’t have numbers or special characters. However, if you pick a common word and append a number and a special character, such as “cracked1!”, Facebook ranks the password as strong. This pattern could be cracked in less than one day on an average computer.
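The contrast described above, as an added example that is not Passfault's code or algorithm: a composition-rule check set beside a simplified estimate of how many guesses an attacker who knows the pattern would need. The word list, the assumed dictionary size, the guess rate and the 35-letter sample are all constructed assumptions.

```python
import string

# Constructed sample list; a real analyzer would load a large dictionary.
COMMON_WORDS = ["password", "cracked", "dragon", "monkey", "letmein"]
ASSUMED_DICTIONARY_SIZE = 100_000   # assumption: words an attacker would try
GUESSES_PER_SECOND = 1e9            # assumption: attacker guess rate

# Constructed stand-in for a 35-character "first letter of every word" password.
SENTENCE_PASSWORD = "wtpotusiotfampuejidtipftcdpgwastbol"


def composition_policy(password):
    """Traditional rule: 8+ characters with at least one digit and one special."""
    return (len(password) >= 8
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def search_space(password):
    """Guesses needed by an attacker who knows how the password was built."""
    lower = password.lower()
    for word in COMMON_WORDS:
        suffix = password[len(word):]
        is_suffix = all(c.isdigit() or c in string.punctuation for c in suffix)
        if lower.startswith(word) and is_suffix:
            # Pattern: dictionary word (optionally capitalised) + digits/specials.
            space = ASSUMED_DICTIONARY_SIZE * 2
            for c in suffix:
                space *= 10 if c.isdigit() else len(string.punctuation)
            return space
    # No known pattern: brute force over the character classes actually used.
    # This is an upper bound; letters taken from a sentence are not uniform.
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return alphabet ** len(password)


def seconds_to_crack(password):
    """Worst-case time to exhaust the search space at the assumed guess rate."""
    return search_space(password) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ("cracked1!", SENTENCE_PASSWORD):
        verdict = "strong" if composition_policy(pw) else "weak"
        print(f"{pw!r}: policy says {verdict}, "
              f"estimated {seconds_to_crack(pw):.3g} s to crack")
```

The composition rule accepts “cracked1!” and rejects the 35-letter password, while the search-space estimate ranks them the other way round.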

You can read more and download this tool over here: https://github.com/OWASP/passfault
