TP: Password Strength Meters

Investigate the following password strength meters:

 Password strength checker

 How secure is my password
 Password meter

For each of the websites above, check the strengths of the following passwords (based upon the 10,000 most
common passwords):

1. iLoveYou4ever
2. password1234
3. UdM2023.1
4. !@#$%^&*
5. getYourOwnNetflixAccountPleaseThanks

Task 1: Record the strength of each password according the measure provided by the site
(Password strength checker gives a strength score, How secure is my password gives an estimate
of how long it would take to brute force the password and Password meter gives a complexity
score). [3]
Task 2: Consider each password strength meter individually, what was the strongest password
according to each one? Hint: You should observe that they do not all agree. [2]
Task 3: Record the number of times that each of those passwords has been used before according
to this useful website https://haveibeenpwned.com/Passwords. [3]
Task 4: Try to check, without revealing, the password that you use(d) for one or more of your
password related activities. List the features that account for the strength of your password? [3]
Task 5: Based upon the information gathered while answering the above questions, which
password would you choose to use and why to minimise the chance of an attacker either guessing
it or brute forcing it? [3]
Task 6: The above password strength meters have been chosen carefully but there is always a
chance that a password that you entered has been recorded. Briefly discuss what the risk is to you
of a website that does this and compare the approach used by Password strength checker and Have
I been pwned to trying to minimise the risk to you presented by these sites. [3]
Task 7: Investigate about the accuracy of password strength meters and their design and list their
advantages and disadvantages. [3]
Task 8: It is a common practice to change passwords frequently to thwart password stealth. In order
to help somebody recall his/her password without effort, briefly describe three distinct methods of
achieving this goal. [3]
TOTAL 25

Submit your answers in a pdf file with name <Your Name>PasswordStrength.pdf on Moodle. You need not write a
report, but write your name and group at the top of the file. Your answers must be as concise and complete as possible.

15 May 2023