This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Passfault"

From OWASP
Jump to: navigation, search
(Acknowledgements)
m (Cleaned up links)
Line 44: Line 44:
 
== Articles ==
 
== Articles ==
  
[[http://www.zdnet.com/blog/identity/your-passwords-dont-suck-its-your-policies/482 "Your Passwords don't Suck, its your Policies" - ZDNet]]
+
''Your Passwords don't Suck, its your Policies''
 +
[[http://www.zdnet.com/blog/identity/your-passwords-dont-suck-its-your-policies/482 ZDNet]]
  
[[http://midsizeinsider.com/en-us/article/passfault-redefining-password-strength "Redefining Password Strength and Creation" - MidsizeInsider, IBM]]
+
''Redefining Password Strength and Creation''
 +
[[http://midsizeinsider.com/en-us/article/passfault-redefining-password-strength MidsizeInsider, IBM]]
  
[[http://nakedsecurity.sophos.com/2012/05/25/how-long-would-it-take-to-crack-your-password/ "How long would it take to crack your password" - Naked Security, Sophos]]
+
''How long would it take to crack your password''
 +
[[http://nakedsecurity.sophos.com/2012/05/25/how-long-would-it-take-to-crack-your-password/ Naked Security, Sophos]]
  
  

Revision as of 21:28, 24 February 2015

Passfault-header.png

OWASP Passfault

OWASP Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple. Passwords don't have to be annoying!


Introduction

OWASP Passfault is more ...

Accurate 
Measures the size of password patterns and identifies more weak passwords, yet allows strong passwords that don't match traditional password policies
Informative 
Provides detailed analysis of the password and sub patterns within the password, so users quickly learn how to make strong passwords without training.
Simple 
Presents the password strength as the "time to crack" to help communicate the risk of poor paswords, providing the incentive to create stronger passwords.
Powerful 
Empowers administrators to know and control the strength and risk of the organization's passwords.


Description

When setting a password, OWASP Passfault examines the password, looking for common patterns. It than measures the size of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength.

When setting a password policy, OWASP Passfault simplifies configuration to one simple meaningful measurement: the number of passwords found in the password patterns. This measurement is made more intuitive and meaningful with an estimated time to crack.


Licensing

OWASP Passfault is free to use. It is licensed under the [Apache License version 2.0] .

What is Passfault?

OWASP Passfault provides:

  • Password Strength Evaluation
  • Password Policy Replacement


Presentation

Passfault-prezi-thumbnail.png

Articles

Your Passwords don't Suck, its your Policies [ZDNet]

Redefining Password Strength and Creation [MidsizeInsider, IBM]

How long would it take to crack your password [Naked Security, Sophos]


Quick Download

[downloads]


Demo Page

[demo site]


Project Leader

Cam Morris


Related Projects


Ohloh


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Apache-feather-small.gif
Project Type Files CODE.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Passfault&oldid=190238"