Sola of America, Inc.

Part 2 of 2: Testing Password Strength with PasswordMonster.com

by

Michael
in

Introduction

This article represents the continuation of a 2-part series on testing password strength using the website PasswordMonster. In the first part, which you can find here, we discussed using the auto generation feature in accoca to effortlessly create various passwords for testing. While I hope most readers understand without my stating it, please DO NOT TEST ANY PERSONAL PASSWORDS. I understand writing in all-caps and bold is an obnoxious format and I do not like using it. However, it is a point so important it needed to be emphasized. What’s more, all passwords tested in this two-part article series are not used in any actual/live accounts. Likewise, any sample passwords presented in these articles should not be used for any current or future accounts. Ever. By the very nature they are posted online on a public website, they are considered, as they should be considered, compromised passwords.

To recap, using accoca we generated three passwords of increasing difficulty. The ‘easiest’ generated password used only upper and lower-case letters. The ‘moderate’ difficulty password incorporated upper-case, lower-case, and numbers. The ‘master’ difficulty password incorporated all four elements. Each password was 14-characters in length. They are:

  • Easiest: aqMUtYAGkpwrTK
  • Moderate: UbBy1rRw8ThPEJ  
  • Master: h7FTD5M$&EH#t6

Included in the above-generated passwords are a handful of simpler, made-up passwords to test alongside them.

  • A true classic: Password123!
  • Personalized: $$McCauley1967$$
  • L337: 48sn1p3r!!$

I’m excited to see the results. Let’s get into it!

Previous Articles

Below are links to some of Sola’s other articles about accoca. The articles take less than 5 minutes to read and help provide insight into both the purpose of accoca as an app and how to generate difficult to hack passwords.

Password Manager accoca

What is a Password Manager (Vault)

How to Generate Strong Passwords

OTPs and accoca

Where to Download

accoca is available on the Apple App Store—linked below. A couple of key features to note: the app is free to use and Sola of America, Inc. does not collect any personal data from its users. For those wanting to unlock unlimited entries, OCR text detection, and customizable, auto-generated passwords, accoca offers a $7.99 lifetime purchase price. The fully unlocked version can be restored on another device by logging in with the same AppleID.  

NOTE: At the time of writing this article, accoca’s lifetime purchase price remains $7.99. A price increase is coming later this summer as Sola invests in improvements to the app. If you haven’t unlocked the complete version, do so now before the price increase!

Password Manager accoca

Testing the Easier Passwords

After navigating to PasswordMonster.com, testing passwords is as simple as typing them into the large text box and waiting for feedback. I performed a fair amount of research in preparation for writing these articles. Various forums online seem to think PasswordMonster is a decent-enough website. All agreed that inputting actual passwords was a foolish practice and should be avoided, despite PM’s bolded disclaimer stating it does not store tested passwords. It reads: Your passwords are never stored. Even if they were, we have no idea who you are! Remember that website hosting providers nearly always capture information about the device, web browser, and IP address while visiting. Each tested password prompts feedback. See below:

Password123! Results

Not every test result provided a humorous review like Password123! However, I agree with PM’s feedback in that using a ridiculously simple password provides weak security and leaves the user open to attack.

$$McCauley1967$$ Results

In this example, PasswordMonster states it would take 7,000 years to crack the password. Since the number of years seemed exaggerated, I found another password strength tester on Bitwarden’s website. Their results were 13 years. Yet another website, strongpasswordgenerator.org’s Password Checker thinks it would take 37 centuries, or 3,700 years to crack. Personally, splitting the estimates between the three services feels reasonable. Likely this password would take several thousand years to break.

48sn1p3r!!$ Results

Interestingly enough, this third self-generated password was weaker than the above. PasswordMonster stated it would take only 2 days to crack. Bitwarden estimated 10 days, and strongpasswordgenreator.org [abbreviated in this article as SPG.org] says 27 years. If anyone has seen the movie or read the book Minority Report, in this instance I think we use the estimate agreed-upon by two services and exclude the third site, the so-called minority report. The results are in… 48sn1p3r!!$ is a weak and easily guessed password.

aqMUtYAGkpwrTK Results

PasswordMonster immediately came back with a hack time of 2 trillion years. Bitwarden’s assessment was centuries, and SPG.org stated 32,000 years. Once again, I’m suggesting the outlier ‘trillion-year’ figure get tossed and we assume the password would take minimum several thousand years to break.

UbBy1rRw8ThPEJ Results

One cannot help but laugh at the results of this password’s strength. PW Monster provided a very specific “213 billion” years to break the password. The other sites yielded the same results as our previous example of centuries and 32,000 years. Suffice it to say, this password’s complexity seemed to reach the top of the testing scale for the other two testing sites.

h7FTD5M$&EH#t6 Results

The results from this password test exceeded expectations. PW Monster provided a ludicrous 73,000-million year crack time. That’s a number so large I cannot even count it. Bitwarden stated centuries again, confirming that’s their top password rating. SPG.org’s counter came back with 3 million years, proving their scale goes beyond a 32,000 years rating, which I was not expecting based on the previous password’s testing results.

Conclusion

Looking back, this was such a fun article series to write. Sometimes you pick up suggestions or recommended best practices for certain things. I’d always heard the upper-case, lower-case, number, symbol, and 14-character minimum password requirements as being foundational for strong password generation. In this article we really put those suggestions to the test, and I appreciated the results confirming previous suspicions.

As always, we at Sola hope you enjoy the articles. Please leave any feedback or suggestions for future content in the comments below. They are monitored, and we always appreciate input from our user base. You all are what make Sola possible. Until next time!

Where to Download

accoca is available on the Apple App Store—linked below. A couple of key features to note: the app is free to use and Sola of America, Inc. does not collect any personal data from its users. For those wanting to unlock unlimited entries, OCR text detection, and customizable, auto-generated passwords, accoca offers a $7.99 lifetime purchase price. The fully unlocked version can be restored on another device by logging in with the same AppleID.  

NOTE: At the time of writing this article, accoca’s lifetime purchase price remains $7.99. A price increase is coming later this summer as Sola invests in improvements to the app. If you haven’t unlocked the complete version, do so now before the price increase!

Password Manager accoca

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *