Researchers just launched a free password meter to help lock down your logins
Think your password is pretty clever? Guess again. This new online tool will show just how easy it is to guess your login.
Researchers from Carnegie Mellon University and the University of Chicago just released a state-of-the-art password meter that gives you instant feedback on how strong your password is, before advising on how you can make it even stronger.
The team created an artificial intelligence neural network that “learns” by scanning millions of existing passwords, and identifying trends we tend to follow in creating our word keys. If the meter flags a trait in your password that it knows hackers can easily guess, it will give you tangible tips on how to change it.
The study and the password tool will be presented at this week’s CHI 2017 conference in Denver, and a demo of the meter can be tried here.
This Moneyish reporter plugged a couple of her favorite passwords, which some other sites have rated pretty strong in the past, into the meter. Not this one. The new tool flagged the password for containing a date and using a word that could be found on Wikipedia. It also suggested capitalizing a random letter in the middle of the word, and moving symbols and digits to different parts of the word. Consider it changed.
“Instead of just having a meter say, ‘Your password is bad,’ we thought it would be useful for the meter to say, ‘Here’s why it’s bad and here’s how you could do better,'” said Carnegie Mellon professor Nicolas Christin, a co-author of the study, in a statement.
Many of us are still clueless about locking down our logins. In fact, 15.4 million Americans were hacked last year because of weak passwords or clicking on links that spread computer viruses, according to Javelin Strategy and Research.
And just last week, 1 billion Gmail users were attacked by a sophisticated phishing scam that sent fake Google Docs to users which, if opened, granted access to managing their emails and their contacts. (If you clicked it, take these five steps immediately.)
Security experts suggested changing your password and activating a two-step authentication process to protect yourself – but if you’re using the same passwords across different sites, or tapping the same tricks everyone uses (swapping your O’s for zeroes, anyone?), you’re not making your digital identity any safer.
For example, the team behind the new password meter found that one of 2016’s most popular passwords was “qwertyuiop,” or simply the top row of letters on your keyboard. It’s the alphabet equivalent of picking “1-2-3-4,” and a no-brainer for seasoned hackers to figure out.
“The way attackers guess passwords is by exploiting the patterns that they observe in large datasets of breached passwords,” said Blase Ur, a lead author on the study behind the new password meter. “If you change Es to 3s in your password, that’s not going to fool an attacker. The meter will explain about how prevalent that substitution is and offer advice on what to do instead.”
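The kind of feedback described above (keyboard rows, character swaps, dates, dictionary words, digits tacked on the end) can be sketched with a few fixed rules. This is an added example, not the researchers' code: their meter uses a neural network, while this sketch uses hand-written rules, and the function names, trait labels and tiny wordlist are assumptions made for illustration.

```javascript
// Added illustration: rule-based checks only, not the researchers' neural-network meter.
const KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"];
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };
// Constructed sample wordlist; a real check would load a large dictionary.
const SAMPLE_WORDS = ["password", "dragon", "monkey", "secret", "denver"];

// True if `s` contains a run of `minLen`+ adjacent keys from one row, in either direction.
function hasKeyboardRun(s, minLen = 4) {
  for (const row of KEYBOARD_ROWS) {
    const reversed = [...row].reverse().join("");
    for (const seq of [row, reversed]) {
      for (let i = 0; i + minLen <= seq.length; i++) {
        if (s.includes(seq.slice(i, i + minLen))) return true;
      }
    }
  }
  return false;
}

// Undo the common character swaps so "s3cr3t" is compared as "secret".
function undoSubstitutions(s) {
  return [...s].map((ch) => LEET[ch] ?? ch).join("");
}

// Returns a list of { trait, advice } findings; an empty list means no rule fired.
function explainPassword(password, words = SAMPLE_WORDS) {
  const lower = password.toLowerCase();
  const plain = undoSubstitutions(lower);
  const findings = [];
  const add = (trait, advice) => findings.push({ trait, advice });

  if (hasKeyboardRun(lower)) add("keyboard-pattern", "Avoid runs of adjacent keys.");
  const direct = words.find((w) => lower.includes(w));
  const hidden = words.find((w) => plain.includes(w));
  if (direct) add("dictionary-word", `"${direct}" is a common word.`);
  else if (hidden) add("common-substitution", `Swapped characters still spell "${hidden}".`);
  if (/(19|20)\d{2}/.test(password)) add("date", "Avoid years and dates.");
  if (/^[A-Za-z]+[^A-Za-z]+$/.test(password)) {
    add("suffix-only", "Move digits and symbols into the middle.");
  }
  if (/^[A-Z][^A-Z]*$/.test(password)) {
    add("leading-capital", "Capitalize a letter other than the first.");
  }
  return findings;
}
```

An empty result only means none of these rules fired; it is not a strength rating.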
© 2017 Dow Jones & Company, Inc. All Rights Reserved