Check Your Passwords
March 4th, 2008 (1:00pm) Mike Gunderloy 7 Comments
“Strong passwords.” That’s one of the mantras of online security, along with looking for SSL connections and using unique passwords for each site you register at. But do you know how strong is strong? If you need some help evaluating the security of a password you’re planning on using, try the Microsoft Password Checker. In addition to being an AJAX tool - so that the password you’re checking never actually leaves your own computer - it includes tips on creating good passwords.
Of course, if you’re really using unique passwords for every site, you’ll also want to implement some sort of password-management tool, like the ones we’ve reviewed in the past. The best of these utilities will even generate unique, strong passwords for you.
7 Comments Post your own comment
JC says: March 4th, 2008 1:19pm
«an AJAX tool - so that the password you’re checking never actually leaves your own computer»
How are these two related? I think that it would be really guaranteed that the password is not sent if it were NOT an AJAX tool (remember, AJAX = XmlHttpRequest — if it’s AJAX, something is sent).
wraith808 says: March 4th, 2008 1:56pm
Wrong. That’s one of the reasons AJAX is in such wide use, and what the A in AJAX stands for Asynchronous. AJAX = Asynchronous Javascript and XML. Extra data is retrieved from the server using XmlHttpRequest at the time the page is loaded, so that the Javascript function calls _do not_ have to go back to the server, increasing response of web applications, and keeping the data within the client until it specifically requests that the data be sent back to the server.
Mike Gunderloy says: March 4th, 2008 2:16pm
In any case, calling this AJÅX was a mistake on my part; the password-strength checking is implemented in client-side JavaScript.
ZeddZull says: March 4th, 2008 3:15pm
Just to set the record straight - wraith is wrong - AJAX allows any data to be sent and retrieved from a Web server without having to refresh the page. It may happen when the page is loaded, but more frequently after the user has done something, such as entered a password. It would make perfect sense for a password checker to be AJAX-based (except for the obvious privacy issues) because you would like to submit the entered password to a server-based algorithm for checking - something that could be substantially more powerful than what client-side Java code might do.
Ian Prince says: March 5th, 2008 1:34am
The Javascript function called is here. From a quick look it seems to be doing the check locally and not sending any data out over HTTP. Doesn’t seem very sophisticated though.
Katalog Stron says: March 5th, 2008 8:59am
It seems to be useful tool.
wraith808 says: May 2nd, 2008 10:12am
No, in fact I’m right. Asynchronous Javascript and XML. Even though the parts of the page are updated from the server, other parts don’t have to be. So just because one part of the page is updated from the server, the whole page doesn’t have to be, i.e. the part that’s updated in Javascript on the client-side as stated by another user. I might not have been as clear as I should have been… but no, the fact that it’s AJAX doesn’t mean that it *has* to submit to the server.