CLOSE
IStock
IStock

Why You Shouldn't Trust Password Strength Meters

IStock
IStock

Weak. Very Weak. Good. Strong. Online password strength meters are like those carnival mallets that measure how hard you can smash something—or, in this case, how secure you’ve made your access code for a website. But according to Naked Security consultant Mark Stockley, they might not be as trustworthy as you think.

Stockley recently conducted an experiment in which five strength meters were selected based on their high return results from a web search. He used five common, easily cracked passwords—including NCC1701, the registration number of the Star Trek starship Enterprise, and trustno1, an ironically weak nod to security paranoia—and looked to see how the meters responded to his purposefully lame attempts at privacy protection.

In every case, the meters failed to reject any of the passwords as being too ineffectual; one rated trustno1 as “good.” It’s currently ranked 29 on a list of the 10,000 most common passwords.

The problem, according to Stockley, is that it’s virtually impossible to know whether a web site is using an effective meter or whether they’re using any number of programs that fail to notify users of their easily-cracked passwords. There’s also the problem of following a meter’s prompts to increase the strength of a password by adding a number or capitalizing a letter. Hackers aren’t oblivious to this ploy, and can do the same.

If you can’t trust the meter, now what? Naked Security’s advice is to avoid quotations, pet names, birthdays, or social media references. Try to come up with utter nonsense involving uppercase, lowercase, numbers, and punctuation at least 14 characters long. If it’s a phrase you’ve heard on Star Trek, it’s probably not going to do you any good.

[h/t Slate]

nextArticle.image_alt|e
arrow
History
The Queen of Code: Remembering Grace Hopper
By Lynn Gilbert, CC BY-SA 4.0, Wikimedia Commons

Grace Hopper was a computing pioneer. She coined the term "computer bug" after finding a moth stuck inside Harvard's Mark II computer in 1947 (which in turn led to the term "debug," meaning solving problems in computer code). She did the foundational work that led to the COBOL programming language, used in mission-critical computing systems for decades (including today). She worked in World War II using very early computers to help end the war. When she retired from the U.S. Navy at age 79, she was the oldest active-duty commissioned officer in the service. Hopper, who was born on this day in 1906, is a hero of computing and a brilliant role model, but not many people know her story.

In this short documentary from FiveThirtyEight, directed by Gillian Jacobs, we learned about Grace Hopper from several biographers, archival photographs, and footage of her speaking in her later years. If you've never heard of Grace Hopper, or you're even vaguely interested in the history of computing or women in computing, this is a must-watch:

nextArticle.image_alt|e
iStock
arrow
holidays
The Plugin That Keeps the Internet From Spoiling Santa Claus
iStock
iStock

During simpler times, the biggest threat to a child's belief in Santa was usually older siblings or big-mouthed classmates. Today, kids have access to an entire world wide web, full of potentially Santa-spoiling content. Luckily, there's a plugin that helps parents maintain their kids’ innocence through the holidays.

Created by the virtual private network provider Hide My Ass (HMA), the free software analyzes web activity for any information that might threaten to “bring a child’s belief in Santa crashing down.” In place of the problematic content, the plugin brings up an image of the jolly man himself. Typing the phrase “Santa is not real” into Google, for example, will instead take you to a web page showing nothing but a soft-focused St. Nick pointing into the camera and staring at you with judgmental eyes. The plugin is also designed to work for social media communications, internet ads, and articles like this one.


Hide My Ass

According to a survey of 2036 parents by HMA, one in eight children in the U.S. have their belief in Santa ruined online. Whether it's because of the internet or other related factors, the age that children stop believing in Santa is lower than ever.

The average age that current parents lost their faith in Santa Claus was 8.7 years old, and for today’s kids it’s 7.25 years. Concerned parents can download the plugin for Chrome here, though it may not be enough to hide every type of Santa spoiler: Of the parents who blamed the internet, 26 percent of them reported kids snooping over their shoulder as they shopped for gifts online.

SECTIONS

arrow
LIVE SMARTER
More from mental floss studios