How strong is your password?

No matter how good the software running on a website is, there is always the human factor. If your password is “test”, “1234”, “qwerty” or anything obvious then you are putting your blog at risk of having it hacked. For that reason the password change form on the profile page now checks how strong your password is.

A password can have four levels of strength:

  1. Too short
  2. Bad
  3. Good
  4. Strong

Please try to make your passwords “strong”, but we’ll accept “good” passwords too. It makes it a bit harder to change your password but the extra effort is worth it.

We’re using this code by Phiras. Thank you Phiras for making it available! I’m going to integrate this into WPMU soon as strong passwords are so important for site security.

Wow! It’s ages since I’ve made a post about a new feature here. There’s a good reason for that. My wonderful son Adam was born on April 21st and had a small bit to do with my lack of updates. I’m working on a few more things now so I’ll be back to blog about more goodies soon!


Missing out on the latest WordPress.com developments? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before you will start receiving notifications - please check your spam folder if you don't receive this.

Join 16,567,984 other followers

Donncha

116 Comments

Comments are closed.

  1. dinsan

    Congrats first……………….. wishing all good for your son…

    password strength counter is a cool one.. :) will this be available for self hosted blogs?

  2. calupict

    This is pretty good stuff.

    By the way, Adam is sooo cute.

  3. TiDeS

    Good feature added..

  4. John Lloyd

    Donncha, congratulations. Adam looks like a beautyfull baby.

    Thanks for the concern about PWs. As an ex-geek, I recall promoting good passwords to people with whom I worked. It was a difficult sale.

    I recommended using a readily memorable phrase, extracting the initial letters from it, and substituting numerals and punctuation for some of those letters. There are lots of illustrations on the Web of how to do this. Perhaps it will help some users to create secure passwords.

    That said, I realize I’m using a relatively less secure PW. I ought to update mine.

    Thanks, too, for the lesson in creating high key portraits!

  5. photoallan

    If its WordPress, it has to keep getting better. No doubt WP beats the best in the biz.

    Can this new feature be termed as a ‘User Generated’ one? If yes, I bet there’re 1,053,448 bloggers building WordPress.

  6. kenfrog

    thanks for the tip.

  7. pascal

    Μy password is “ebt76543jq”. I guess it’s very strong, isn’t it? ;)

  8. MadMark

    Thank you for new improvement!!

  9. Brian

    I use a string of random letters and numbers for my password.

  10. icedmocha

    Congrats on the birth of your son. He’s a cutie!

  11. anas

    Great thing, It was something I hope before

  12. Amy P

    Thanks for the reminder about security. And congratulations!

  13. Righteously Insane™

    Congratulations on your son’s birth~!

    Regarding the password feature, this is excellent! It’s also nice to know that the password I’ve been using for quite some time now is considered strong.

    Cheers!

  14. Rushi Vishavadia

    Congrats !

  15. Keith Olbermann Is Evil

    Cute baby!

  16. gwhiz

    Two great new additions! Congrats and make sure to help mom get some sleepy time in. Pay now or PAY later ;)

  17. noshowerfamily food blog

    pascal, now that you’ve given us your password, it’s not that strong anymore. :P

  18. Elehzya

    Good work! I remember once getting yelled at by customers that they needed any password at all to access their account details (incl credit cards!) and especially one that had so many rules on how to make a password. I don’t understand why people wanted their accounts to be so unsafe, and then whinge later if someone broke into their broadband (and actually got it turned off). *sigh* Anyway, smart thinking!

  19. Anita Marie

    Take your time and enjoy your Son…ain’t nothing like the real thing Baby.
    amm

  20. Tana

    I’d never tested my passwords, so it was interesting to give them a test :) Thanks.

  21. Scotti

    Your son is beautiful! Welcome back and thanks for the updates.

    Babies are a gift from God! Praise the Lord for this amazing present and precious life He has given you.

    P.S. I share the same birthday with Adam.

    Blessings to you,
    Scotti

  22. ish

    Is it essential to change the password or are you just suggesting we should do it?

    Congratulations for the birth of your son.

  23. Chittaranjan

    Strong Password, huh? How about $t0|\|ec0|_|)$te\/e@|_|$t||\|
    :mrgreen:

    and Congratulations for your li’l bundle of joy.

  24. Craig

    It’s helpful.

    Congratulations!

  25. Woeful

    Thanks for the update!

  26. reinkefj

    I don’t know what my passwords are. (Safer if I am deemed a terrorist and tortured. No information to give up.) ROBOFORM handles all my passwords for me. :-)

  27. Pingback: Weblog Tools Collection » Blog Archive » How strong is your password?
  28. Jan

    Nice idea, but it has many weaknesses. It does not consider the possibility of dictionary attacks – it considers “0123456789” to be a good password. In reality, a dictionary attack would break it within quite a short time (I think about 20000 attempts at max.)

    Additionally, I do not think this much paranoia is necessary. A bruteforce attempt against a password not in a dictionary, consisting of 6 random lowercase characters, using 10 attepts per second (and 36000 failed login attempts per hour on one blog would probably alert the admin team!), running for 10 days 24/7, would break the password with a probability of 3%. However, this password is still considered “bad”. Even an 8-lowercase-letter password is considered bad. The same bruteforce attack, running for a whole year, would have a 0.15% chance of breaking the password!

    If anyone wants to hack some blogs, he is going to do a simple dictionary attack, so nearly ANY password not in a password cracking dictionary (qwertz, 123456, asdf and similar things ARE in such dictionaries) will protect well enough. If anyone wants to hack exactly YOUR blog, he WILL infect your pc with a trojan and steal the password or sniff it from a network you use, and then even an ultra-secure password like f”gh&&sah/svSD13″bjh+§#gHW23= is not going to help you.

    In my opinion, a simple dictionary test should be run against new passwords, and maybe a minimum length of 6 characters could be imposed. Together with effective server-side login delays (if wrong password entered more than 3 times, wait 5 seconds before telling the user if the password was wrong or right, and make sure he can not circumvent this by trying thousands of passwords in parallel), this should avoid any hacking attacks. It would be more interesting to allow users to limit admin menu access to https to avoid sending auth cookies or even passwords out in plain view and if there are failed login attempts since the last successfull login, the user should get a warning in red letters “n failed login attempts since last login” together with a option to view the IPs, and maybe a “last login: (date) (time)” display.

  29. photographerno1

    Congrats , Adam welcome to World Press Planet Org.

  30. Ben

    Nice idea. Maybe you could add it to the user pages for admins who are editing other users as well?

  31. CovenantBride

    congratulations to you and ur family on your new son…tooooooooooooo sweet…and thx for all the wonderful updates u offer here…lookin forward to the password thing to be setup…be bless and enjoy your new baby… -g-

  32. materialmama

    Your baby is beautiful! A million congratulations!!!!!

  33. Nita

    Congrats on the new baby. May he have a long and wonderful life.
    About the password, I always wanted someone to tell me how good or bad my password was. Thanks.
    Right now that line is just black, I guess I need to change the password to find out how good or bad it is.

  34. Julio Fragoso

    this is awesome, and congrats on the new one…

    the life is re-cycling !

    Congrats once again

  35. Rae

    Aww such a cute baby! ^_^.

  36. Chelsea

    Sounds good!

  37. bookbabie

    Yay, another new baby in the world, you might guess I rather adore babies myself:)

  38. aleakamh

    A wonderful little boy! He has a GREAT birthday!
    My son was also born on April 21 . . . only in 2003!
    Wishing you all the best in the new adventure!

  39. tahu208

    Ok, I was wondering what the “password strenth” thing on my profile was

  40. Jordan

    Congratulations on the baby and nice feature. :)

  41. Dan | thesamovar

    Nice feature – one small bug. If you try to change your profile without changing your password it says “password too short”, and you have to re-enter your password each time.

  42. Ryan B

    I have to nod towards Jan’s idea. This is a blog, not a bank account. If you are putting that sensitive info on here, step back and ask why. People like Scoble may loose few hundred — near a thousand posts, but I doubt he would threaten to sue. I personally would loose little over 250 posts and 1200 comments, but I wouldn’t threaten to come after you guys. Yeah, I would be bummed to loose a few posts.

    Congrats on the baby.

  43. Rami Nasser

    My password is monkey, is that good? kidding, Thanks.

  44. arammos

    Congratulations first.
    But I am agree with Jan, is dummy.
    The easy rule for a strong password is: minimum 8 characters length and requires at least one number, one uppercase letter and one number. For example: w0rdpRe$$.
    Congrats again!!!

  45. newhoosier

    Congratulations! I think it’s a worthy addition–not necessarily perfect, but not intended to be either.

    And for my shamless plug, i’m calling on all Canadians to visit my blog. ;-)

  46. jewaira

    Congratulations on the beautiful baby boy

  47. ouchmanila

    no matter what I do it keeps on saying “Password is too short” though the indicator says it’s “STRONG”.

    Congrats on your lil munchkin, by the way.

  48. outeasy

    thanks, and handsome son! know U R proud! best I can do is share dog pics. free for slides sat. nite?

  49. Guimo

    i wish you and your family all the best.
    the best way to keep your password safe its changin every month. i know it keeps safe if you make stronger mixing upper case, lower case and numbers…

  50. -BoRiS-

    Good Job Dude! :)

  51. JLB

    Felicitations! And thanks for the password security improvement.

  52. Victor

    I like the idea of password strength, although it’s not 100% foolproof, ti would at least make the users more conscious of security.

    PS. Congrats on the new born baby!

  53. Calvin

    Congrats on your son! I love the password strength meter. As a System Administrator I know how important strong passwords can be, thanks for providing this service. I’ve blogged on occasion about some of my experiences as a Sys Admin and trying to deal with people who want easy passwords, instead of secure passwords – not fun at all.

  54. Pingback: WordPress improves password security « Peter H Gregory, CISA, CISSP
  55. Aaron

    Great new feature! I am glad to see that password strength is something being supported in WP and WPMU.

    I currently am finishing up my first year of teaching a basic computer class in a local college, and password strength is something that I really found to be a problem among the masses. I am so very glad to see this update in the great WP code!

  56. hazel8500

    Congratulations! Welcome baby Adam. (love that name)
    Oh yeah good feature too.

  57. Ilya Lichtenstein

    I wrote a post about generating unbreakable passwords a while back.

  58. Christoph Wagner

    whatever I try, changing my PW doesn’t work.
    I always get “Password to short” (Perhaps 32 chars is not enough?^^)

  59. trucex

    I think I have a strong password. It’s ‘aPPl3j4cks’. Is that a good password?

    Hahaha. I’m just kidding of course.

  60. r8chel

    For some unknown reason, I’m still using the password that was automatically generated when I created my blog account. According to the “Update Your Password” box, the password *that WordPress gave me* is only “Good”… and too short! Guess I should change it!

  61. Pingback: Connections: Is your password secure? « Fragmented Self
  62. Sakimichi

    I love you guys

  63. Kunal

    congratulations :)
    and a nice new feature …

  64. Farghana

    hmm i guess my password is strong enough…..but still a good feature…

    n yes Congrats on the cutie pie!!!

  65. Patrick Britton

    Congradulation! We had our first child on April 26th! Good luck and best wishes.

  66. itsmeritesh

    ooh thanks for the password strength checker link. have been wanting that for along time now. couldnt find it.

  67. પ્રતીક નાયક

    That’s very nice, already checked it.

  68. susaneb

    congratulations!! My first were twins….what chaos! They are now 18 and healthy so I made it….
    I am sure you will enjoy blogging with Adam and think where we will be technologically when he is 18…. ;-)

    Susan in Italy

  69. nederhop074

    Thanks for the update!

  70. Jim

    second the motion, Dan’s observation. This has been discussed in the forum, they eventually solved it.

    Congrats on this neat feature, hopefully you can also integrate Jan’s comments sometime. :)

  71. luisma

    That’s a great idea improving security. Thanks a lot!!!

  72. Donncha

    Thanks everyone for your kind comments about Adam! Mark told me about the “password is too short” bug and I fixed it last night so everything should work ok.
    I’d like to add a dictionary check when you submit your password but I think the current measures will do for the time being!

  73. kbpeaceforum

    Donncha,

    For new life, congratulations. For making this blog a possibility for our peace group’s efforts many thanks. For offering guidance on password suitability, great help!

    David-moderator of Klamath BasinPeace Forum

  74. r1chir0

    My password can bench 350lbs.. ten times.

  75. wabbott98

    My password is is being changes as we speak to make it as difficult as possible to crack

  76. Wais

    Thanks for this, and all the best to the extended WP family !

  77. whatthecrap?

    Uh – I guess I’d say Strong to Very Strong…
    HAH!

  78. oomm

    Thank you for implementing this great tool! Congratulations and enjoy Adam, your bundle of joy!

  79. Geo Holyhart

    Great update and congrats on the baby.

  80. phiras

    Nice work :) ,
    I have to improve my algorithm to care about more things in the future.

  81. Pingback: How strong is your password? « Vse, kar me zanima
  82. amok

    Congrats!!!

  83. Keith

    Thanks for the informative article – and want to say congratulations on the birth of your beautiful child. Children are wonderful and precious – we all need to protect and nourish them, yet provide them with guidelines as they grow. It is hard to be a parent! The magical years to me, not that there isn’t reward as they grow older is from birth to about six years old. I have many fond recollections of those years with my son.
    Wish the best for you and your child.

  84. angie

    Congrats on your son!!! And thanks for still thinking about us!

  85. fracas

    I’m late to the party, but wishing you congratulations nonetheless.

    How wonderful for you and your family!

  86. ♦Vegetsu Gokazama♦

    Mine password is 39 characters long

  87. Rein

    My daughter shares your son’s birthday too – and you know what? So does the British Queen :D

    Thanks for the heads-up. Good to see my password is graded ‘strong’ – maybe I should use it for the house alarm too ;D

  88. quotes

    Congratulations on your new “feature” and thank you for the new WordPress feature.

  89. 1ofHis

    Congratulations and God’s blessings on Adam and your family. Thanks for the reminder of password strength.

  90. b7ereket3

    I think, a password is an “asmat,” a word used by a sorcerer to cheat other people, and this kind of cheating people by utilizing strange words has been used in African countries, especially in Ethiopia.

  91. girly90

    its so good sorry but i cant give you my password 8) :mrgreen:

  92. bonusbuilder

    I was using a very weak password until I read this.
    This article has forced me to change my password.
    Very glad I read this.
    bonusbuilder

  93. abu ameerah

    i hate my password…i’m filing for divorce…

  94. srinix

    nice one…most of the WP fans can now…be even more secure!!!

    Cheerz
    Shri

  95. drjoker

    Really, a usefull indicator. thanks

  96. referenceur

    Nice Security advice ! I’ve a soft one !

  97. herrajuntero

    i just wanted to see me avatar :-p

  98. obliterated

    Congratulations on the baby!
    Thanks for the new feature.

  99. otacon

    luv this post!

    keep the good work! :) thx for the suggestions!

    Greetings!

  100. theifearth

    thanks for the info; and it feels like a dilagoue; the human-mahine talk-touch keeps surfacing in wordpress.

Follow

Get every new post delivered to your Inbox.

Join 16,567,984 other followers

%d bloggers like this: