Securing your accounts just got a whole lot easier.
Researchers from Carnegie Mellon University's CyLab Usable Privacy and Security Laboratory and the University of Chicago have developed a new password meter that educates people on how they can make their password stronger. The project is open source and can be added on to existing services.
This is particularly important at a time when passwords are easier than ever to crack. While passwords themselves can be bypassed, it's still important to keep them strong to protect against brute force attacks, in which hackers guess your password over and over until they're successful.
The password meter aims to motivate people to use better passwords by educating them about why their passwords are weak and providing suggestions about what they can do to make them stronger.
The idea of a password meter is not completely new; many websites have begun offering feedback about password strength. Here's Google's, for instance, with the password "mashable2017":
Despite being labeled as "strong" by Google, the same password basically gets a "try again" with some context from this new tool.
The meter states: "Don't use words used on Wikipedia," "avoid using dates like 2017," and also provides a better option. Each of the reasons can be expanded to learn more.
If you use "password," for example, the meter responds with "Your password must not be an extremely common password."
The meter uses a neural network to scan a large database of existing passwords and identify trends. Then it checks the user's entered password against these to figure out if it's something attackers may guess.
"For example, if you change Es to 3s in your password, that's not going to fool an attacker. The meter will explain about how prevalent that substitution is and offer advice on what to do instead," said Blase Ur, the study's lead author, in a statement.
The site also features a guide for creating strong passwords:
The researchers found that providing data-driven feedback made a huge difference in security as compared to just labelling the passwords as weak or strong. You can try the demo for the service here.
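The kind of reasoned feedback quoted in this article (common passwords, dates like 2017, E-to-3 substitutions) can be sketched with a few rules. This is an added example, not the researchers' code: the real meter relies on a neural network trained on a large password set, while the word list, substitution map, extra messages and 12-character threshold here are constructed assumptions.

```javascript
// Added illustration: rule-based feedback only, not the CMU/UChicago meter.
// COMMON and LEET are small constructed samples, not a real password corpus.
const COMMON = new Set(["password", "123456", "qwerty", "letmein", "iloveyou"]);
const LEET = { "3": "e", "0": "o", "1": "l", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Undo look-alike substitutions so "p4ssw0rd" is compared as "password".
function deLeet(pw) {
  return pw.toLowerCase().replace(/[301457@$]/g, (c) => LEET[c]);
}

// Return the list of reasons a password is guessable (empty list = no rule fired).
function passwordFeedback(pw) {
  const reasons = [];
  const lower = pw.toLowerCase();

  if (COMMON.has(lower)) {
    reasons.push("Your password must not be an extremely common password.");
  } else if (COMMON.has(deLeet(pw))) {
    // Only reached when the raw form is not common but the normalized form is.
    reasons.push("Swapping letters for look-alike symbols (E -> 3) does not fool an attacker.");
  }

  // A four-digit year is an easily guessed component.
  const year = pw.match(/(19|20)\d{2}/);
  if (year) {
    reasons.push(`Avoid using dates like ${year[0]}.`);
  }

  // Letters followed only by digits is a predictable structure.
  if (/^[a-z]+\d+$/i.test(pw)) {
    reasons.push("Avoid the pattern of a word followed by digits.");
  }

  // Assumed threshold for this sketch; not a value taken from the article.
  if (pw.length < 12) {
    reasons.push("Make your password longer (12 or more characters).");
  }
  return reasons;
}
```

Returning reasons instead of a single weak/strong label is what lets the interface explain each problem to the user.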