atoponce,
@atoponce@fosstodon.org avatar

Hey @bitwarden, your passphrase strength game needs work (unsurprisingly).

https://bitwarden.com/passphrase-strength-game/

Screenshot of the passphrase strength game showing "faster higher stronger" as the passphrase. The game claims it would take "centuries" to crack requiring 884.2 trillion guesses.
Screenshot of the passphrase strength game showing "death before dishonor" as the passphrase. The game claims it would take "centuries" to crack requiring 188 trillion guesses.

bitwarden,
@bitwarden@fosstodon.org avatar

@atoponce Can you elaborate? I tested using short, common words and this was my score.

atoponce,
@atoponce@fosstodon.org avatar

@bitwarden Where to begin?

The first is that this is a password strength meter, and they should not be built. Troy Hunt agrees:

https://www.troyhunt.com/password-strength-indicators-help-people-make-dumb-choices/

Instead, this "game" isn't educating users about why randomness is critical to password security, Instead, it's spreading common misconceptions about password strength through an entertaining game.

As demonstrated, it's not difficult to find trivial 3-word phrases that are obviously weak, but your game says are strong.

1/2

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • DreamBathrooms
  • everett
  • InstantRegret
  • magazineikmin
  • thenastyranch
  • rosin
  • GTA5RPClips
  • Durango
  • Youngstown
  • slotface
  • khanakhh
  • kavyap
  • ngwrru68w68
  • tacticalgear
  • JUstTest
  • osvaldo12
  • tester
  • cubers
  • cisconetworking
  • mdbf
  • ethstaker
  • modclub
  • Leos
  • anitta
  • normalnudes
  • megavids
  • provamag3
  • lostlight
  • All magazines
    •