This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Passfault"
Cam Morris (talk | contribs) |
Cam Morris (talk | contribs) |
||
Line 8: | Line 8: | ||
==OWASP Passfault== | ==OWASP Passfault== | ||
− | OWASP Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple. | + | OWASP Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple. Passwords don't have to be annoying! |
==Introduction== | ==Introduction== | ||
− | + | OWASP Passfault is more ... | |
; Accurate : Measures the size of password patterns and identifies more weak passwords, yet allows strong passwords that don't match traditional password policies | ; Accurate : Measures the size of password patterns and identifies more weak passwords, yet allows strong passwords that don't match traditional password policies | ||
; Informative : Provides detailed analysis of the password and sub patterns within the password, so users quickly learn how to make strong passwords without training. | ; Informative : Provides detailed analysis of the password and sub patterns within the password, so users quickly learn how to make strong passwords without training. | ||
Line 19: | Line 19: | ||
==Description== | ==Description== | ||
− | When setting a password, OWASP Passfault examines the password, looking for common patterns. It than measures the size of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength. | + | When setting a password, OWASP Passfault examines the password, looking for common patterns. It than measures the ''size of the patterns and combinations of patterns''. The end result is a more academic and accurate measurement of password strength. |
When setting a password policy, OWASP Passfault simplifies configuration to one simple meaningful measurement: '''the number of passwords found in the password patterns'''. This measurement is made more intuitive and meaningful with an estimated time to crack. | When setting a password policy, OWASP Passfault simplifies configuration to one simple meaningful measurement: '''the number of passwords found in the password patterns'''. This measurement is made more intuitive and meaningful with an estimated time to crack. | ||
Line 28: | Line 28: | ||
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
− | |||
== What is Passfault? == | == What is Passfault? == | ||
Line 39: | Line 38: | ||
== Presentation == | == Presentation == | ||
− | Presentation given at OWASP SnowFROC in Denver: | + | Presentation given at OWASP SnowFROC 2012 in Denver: |
− | [[http://prezi.com/sxwintkozwhb/owasp-passfault-better-password-policies/]] | + | [[File:Passfault-prezi-thumbnail.png|link=http://prezi.com/sxwintkozwhb/owasp-passfault-better-password-policies/]] |
+ | |||
== Articles == | == Articles == | ||
+ | |||
[[http://www.zdnet.com/blog/identity/your-passwords-dont-suck-its-your-policies/482 "Your Passwords don't Suck, its your Policies" - ZDNet]] | [[http://www.zdnet.com/blog/identity/your-passwords-dont-suck-its-your-policies/482 "Your Passwords don't Suck, its your Policies" - ZDNet]] | ||
[[http://midsizeinsider.com/en-us/article/passfault-redefining-password-strength "Redefining Password Strength and Creation" - MidsizeInsider, IBM]] | [[http://midsizeinsider.com/en-us/article/passfault-redefining-password-strength "Redefining Password Strength and Creation" - MidsizeInsider, IBM]] | ||
Line 48: | Line 49: | ||
[[http://nakedsecurity.sophos.com/2012/05/25/how-long-would-it-take-to-crack-your-password/ "How long would it take to crack your password" - Naked Security, Sophos]] | [[http://nakedsecurity.sophos.com/2012/05/25/how-long-would-it-take-to-crack-your-password/ "How long would it take to crack your password" - Naked Security, Sophos]] | ||
− | |||
− | + | | valign="top" style="padding-left:25px;width:200px;" | | |
+ | == Quick Download == | ||
+ | [[https://github.com/c-a-m/passfault/releases downloads]] | ||
− | |||
− | * [[ | + | == News and Events == |
+ | * [20 Nov 2013] News 2 | ||
+ | * [30 Sep 2013] News 1 | ||
+ | == Project Leader == | ||
− | + | [[User:Cam_Morris|Cam Morris]] | |
− | |||
− | + | == Related Projects == | |
+ | * [[Password_Storage_Cheat_Sheet]] | ||
− | |||
− | |||
− | |||
==Classifications== | ==Classifications== |
Revision as of 00:05, 1 February 2014
OWASP PassfaultOWASP Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple. Passwords don't have to be annoying! IntroductionOWASP Passfault is more ...
DescriptionWhen setting a password, OWASP Passfault examines the password, looking for common patterns. It than measures the size of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength. When setting a password policy, OWASP Passfault simplifies configuration to one simple meaningful measurement: the number of passwords found in the password patterns. This measurement is made more intuitive and meaningful with an estimated time to crack.
LicensingOWASP Passfault is free to use. It is licensed under the [Apache License version 2.0] . |
What is Passfault?OWASP Passfault provides:
PresentationPresentation given at OWASP SnowFROC 2012 in Denver:
Articles["Your Passwords don't Suck, its your Policies" - ZDNet] ["Redefining Password Strength and Creation" - MidsizeInsider, IBM] ["For Better Password Policies" - Turnlevel, Partnet] ["How long would it take to crack your password" - Naked Security, Sophos]
|
Quick Download
News and Events
Project Leader
Related Projects
Classifications |
- Q1
- A1
- Q2
- A2
Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
- xxx
- xxx
Others
- xxx
- xxx
As of XXX, the priorities are:
- xxx
- xxx
- xxx
Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- xxx
- xxx
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|