The WordPress.com Blog

How strong is your password?

June 7, 2007

Donncha

No matter how good the software running on a website is, there is always the human factor. If your password is “test”, “1234”, “qwerty” or anything obvious then you are putting your blog at risk of having it hacked. For that reason the password change form on the profile page now checks how strong your password is.

A password can have four levels of strength:

Too short
Bad
Good
Strong

Please try to make your passwords “strong”, but we’ll accept “good” passwords too. It makes it a bit harder to change your password but the extra effort is worth it.

We’re using this code by Phiras. Thank you Phiras for making it available! I’m going to integrate this into WPMU soon as strong passwords are so important for site security.

Wow! It’s ages since I’ve made a post about a new feature here. There’s a good reason for that. My wonderful son Adam was born on April 21st and had a small bit to do with my lack of updates. I’m working on a few more things now so I’ll be back to blog about more goodies soon!

June 7, 2007
Features, New Features, Security, WordPress.com
Passwords

116 Comments

Comments are closed.

« Older Comments

cotojo Jun 11th at 6:11 pm
Congratulations Donncha on the birth of your son.
Passwords need to be strong and there are many places where you can generate good passwords then store them using http://www.clipperz.com or http://www.roboform.com. It’s also a good idea to change them now and again, just to thwart those that will persist in trying to hack them.

It’s great to see a p/w checker on site, nice one. Keep up the great work.

LikeLike
elgatosinbotas Jun 11th at 9:32 pm
congratulations, lindo chico! 🙂

LikeLike
imlocation Jun 11th at 9:42 pm
I would like to know how secure and usable a passphrase is compared to a password. It’s easy to remember a phrase, even a nonsensical one (especially if it’s funny). The phrase “it’s 2007 where is my flying car?” is very easy to remember, and yet I is very difficult to brute force — googeling it gives results (2) as a search for “a7f834”. But the phrase is infinitely easier to remember.

The biggest two downsides of passphrases I can think of is that:
a) they take longer to enter — but an extra half-seconds of typing every day is less frustrating then an extra 30 seconds of trying to remember a password every week.
b) Since they are longer, there is a greater chance of typos — but i think it would be possible to autocorrect for common typos (teh –> the, and so forth). It is 2007 after-all, we may not have flying cars, but we have computers that can recognize a simple phrase.

LikeLike
eb1024 Jun 12th at 12:10 am
I’ve ported this code to PHP, if a server side check is also necessary.

Source code at http://www.alixaxel.com/wordpress/2007/06/09/php-password-strength-algorithm/

LikeLike
satishbhasin123 Jun 12th at 6:39 am
decent add.
i also feel comfortable with a strong password.

LikeLike
Karen Jun 12th at 8:43 am
Congratulations on the birth of your son and my appreciation for your continued improvement of WordPress.com

LikeLike
Pingback: How Strong is YOUR Password? at Incoherent Babble
Khloud Jun 13th at 8:37 am
Congrats on the birth of Adam. & Thank you for the update 🙂

LikeLike
EscRiBiTioNiSt* Jun 13th at 9:23 am
Hehe.. mine is STRONG :p

LikeLike
joe345 Jun 13th at 10:52 am
My password can bench press 1000lbs!!!

LikeLike
josejavaho Jun 13th at 4:22 pm
Roboform password generator rocks….. Iife can be simple if you use good tools..
Jose

LikeLike
Riou Himeko Jun 13th at 5:08 pm
My password is strong. I even make mistakes (a lot of mistakes) when typing it. Haha! 😛

LikeLike
Elaheh Jun 14th at 2:52 pm
I rented my upper floor “Brain” long time ago so I try to use same password and yes its strong. 😛

LikeLike
cheezburger Jun 14th at 8:24 pm
How about — REALLY STRONG. 😉

LikeLike
lektorka Jun 14th at 8:30 pm
My password is strong.

LikeLike
Pingback: Bad Security 101 « Pat’s Daily Grind