Improve the Accuracy for the Weak Password Detection.
According to Proton Pass, this password is weak: !C2&e3D%BNaeyP
According to Hive Systems, Security.org, Kaspersky, NordPass, and Bitwarden, it is considered very secure.
If you generate a password within Proton Pass using symbols, letters, etc. with 14 characters, it considers that password secure, meaning that Proton Pass has a bias for its own generated passwords.
Side Note: The password used in this example was generated by NordPass.
-
Lan commented
I just tested this, and it does show it as weak. But maybe the problem is context telling why. Takes x GPUs x time to *****, reasonable ***** for single GPU person to ***** or x rented GPU per hr or company or nation state or theoretical 5 years from now.
-
Thomas Leuthard commented
It's also not possible to filter just the weak or just the vulnerable passwords in Pass Monitor. Since the number of weak passwords is so big, it's difficult to find the really vulnerable ones. A weakness rating per password from 1-10 would be helpful with the option to sort/filter by this value.
-
websiterepairguy commented
If you are going to object to a password, be more specific about the objection. Merely saying it is "weak" is not much of a hint. Also, the rules for a "weak" 7 character password should be different than those for a 14 character password. How about rules that are different for 8 characters vs. 16 vs. 24, etc? You could alter the algorithm such that the entropy of the character set decreases each time you misuse a character. Thus a password that uses the word "password" could be penalized by eliminating all the characters used in the word "password". Thus the character set decreases by 7 unique characters. Eliminating a 'p', 's', 'w', 'o', 'r' and 'd' from the character set is a better reflection of entropy than eliminating long, long passwords altogether. A better way to identify a weak password is not by penalizing individual violations, but by penalizing violations of the characters themselves.
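The character-set penalty proposed in the comment above, sketched as an added example (not part of the comment and not Proton Pass's code). The wordlist, the function names and the length × log2(pool size) estimate are assumptions made for illustration.

```python
import math
import string

# ASCII character classes; a class joins the pool once any of its characters appears.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

# Constructed sample wordlist (assumption); a real checker would load a large dictionary.
WORDLIST = ("password", "qwerty", "letmein")


def pool_for(password):
    """Return the character pool implied by the classes the password uses."""
    pool = set()
    for alphabet in CLASSES:
        if any(ch in alphabet for ch in password):
            pool.update(alphabet)
    return pool


def misused_chars(password, wordlist=WORDLIST):
    """Unique characters, as typed, that sit inside a dictionary word (case-insensitive match)."""
    lowered = password.lower()
    used = set()
    for word in wordlist:
        start = lowered.find(word)
        while start != -1:
            used.update(password[start:start + len(word)])
            start = lowered.find(word, start + 1)
    return used


def estimate(password, wordlist=WORDLIST):
    """Return (naive_bits, penalized_bits, pool_size, reduced_pool_size)."""
    pool = pool_for(password)
    # The proposal: drop every "misused" character from the pool before computing entropy.
    reduced = pool - misused_chars(password, wordlist)
    length = len(password)
    naive = length * math.log2(len(pool)) if pool else 0.0
    penalized = length * math.log2(len(reduced)) if len(reduced) > 1 else 0.0
    return naive, penalized, len(pool), len(reduced)


if __name__ == "__main__":
    # First sample is the password from the original post; the others are constructed.
    for pw in ("!C2&e3D%BNaeyP", "password123456", "password"):
        naive, penalized, n, r = estimate(pw)
        print(f"{pw!r}: pool {n} -> {r}, {naive:.1f} -> {penalized:.1f} bits")
```

The password from the original post contains no wordlist entry, so its pool stays at 94 characters, while the constructed `password123456` drops from a pool of 36 to 29.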
-
Anonymous commented
The "Pass Monitor" tells me that about 400 passwords generated by Firefox (high entropy randomized strings) are weak. I do not believe it. This makes the warning useless.
-
M commented
I noticed this issue as well when coming from another password manager. Several passwords were marked as weak when they were 20 characters generated in the other password manager. Sometimes only changing one letter caused the password to change to strong from weak.