OWASP Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple. Passwords don't have to be annoying!
OWASP Passfault is more ...
When setting a password, OWASP Passfault examines the password, looking for common patterns. It then measures the size of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength.
When setting a password policy, OWASP Passfault simplifies configuration to one simple meaningful measurement: the number of passwords found in the password patterns. This measurement is made more intuitive and meaningful with an estimated time to crack.
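A simplified illustration of the measurement described above, added here and not taken from Passfault's own code: each finder reports how many passwords its pattern contains, the sizes of the cheapest combination of patterns are multiplied, and the total is divided by a guess rate. The wordlist, the 95-character fallback, the guess rate and all function names are assumptions made for the example.

```python
import re

# Constructed sample wordlist (illustration only, not a Passfault wordlist).
WORDLIST = ["password", "dragon", "monkey", "letmein", "summer", "correct"]
PRINTABLE = 95            # assumed size of the "random character" pattern
GUESSES_PER_SECOND = 1e9  # assumed attacker guess rate

def find_patterns(pw):
    """Yield (start, end, size, name); size = number of passwords in the pattern."""
    low = pw.lower()
    for word in WORDLIST:
        for m in re.finditer(re.escape(word), low):
            size = len(WORDLIST)
            if pw[m.start():m.end()] != word:
                size *= 2 ** len(word)   # any upper/lower casing of the word
            yield m.start(), m.end(), size, "dictionary-word"
    for m in re.finditer(r"\d+", pw):
        yield m.start(), m.end(), 10 ** (m.end() - m.start()), "digits"

def analyze(pw):
    """Return (total_size, pattern_names) for the smallest combination of patterns."""
    pats = list(find_patterns(pw))
    best = [(1, [])] + [None] * len(pw)   # best[i] covers pw[:i]
    for end in range(1, len(pw) + 1):
        # Fallback: treat the last character as one random printable character.
        options = [(best[end - 1][0] * PRINTABLE, best[end - 1][1] + ["random-char"])]
        options += [(best[s][0] * size, best[s][1] + [name])
                    for s, e, size, name in pats if e == end]
        best[end] = min(options, key=lambda o: o[0])
    return best[-1]

def time_to_crack_seconds(pw):
    """Time to exhaust every password in the matched patterns."""
    return analyze(pw)[0] / GUESSES_PER_SECOND

def meets_policy(pw, min_size):
    """Policy is one number: the minimum pattern size a password must reach."""
    return analyze(pw)[0] >= min_size

if __name__ == "__main__":
    for pw in ["password", "Password123", "x7#Qm!z2"]:
        size, names = analyze(pw)
        print(pw, size, names, f"{time_to_crack_seconds(pw):.6f}s",
              meets_policy(pw, 10 ** 12))
```

With a policy threshold of 10^12, the 11-character `Password123` is rejected while the 8-character `x7#Qm!z2` passes, which a length-and-character-class rule would not distinguish.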
OWASP Passfault is free to use. It is licensed under the [Apache License version 2.0].
What is Passfault?
OWASP Passfault provides:
- ["Your Passwords don't Suck, its your Policies" - ZDNet]
- ["Redefining Password Strength and Creation" - MidsizeInsider, IBM]
- ["For Better Password Policies" - Turnlevel, Partnet]
- ["How long would it take to crack your password" - Naked Security, Sophos]
News and Events
OWASP Passfault is developed by a worldwide team of volunteers. The primary contributors to date have been:
- Cam Morris
- University of Florida Students
- Partnet Inc. has donated paid labor on OWASP Passfault
Goal: preparation for ESAPI
- More meaningful word lists
- Frequency lists: build lists of the most common words and names. (Done for English, Spanish)
- Improved configuration of finders and wordlists
- UI improvements
- Fix backlog of issues
- Experiment with configuration of wordlists
Goals: Enterprise Ready
- UI improvements for learning better password strategies
- Easier to configure and run, not requiring a developer to wire things up.
Other Important Goals
- OS system integration:
  - running passwd on Linux runs passfault
  - apt-get install passfault
- Document each pattern finder on the OWASP wiki.
- jQuery Plugin: A jQuery plugin that will let a web site use either the passfault applet or a passfault JSON Service to analyze a password.
- Wordlists: We can always use better word lists. Contact us on the mailing list if you want to help.
For current bugs and smaller tasks, see the issues list on GitHub: https://github.com/c-a-m/passfault/issues?state=open