What is a password security checker?
A password security checker is a tool that evaluates the strength of digital passwords. The checker assesses the password’s resilience to being guessed outright or cracked by cybercriminals using computer-automated hacking tools.
When a user creates a password, the security checker ranks its effectiveness using sophisticated algorithms and displays the result to the user. The checker aims to warn users if they’re creating vulnerable passwords, encourage them to use stronger ones, and improve the user’s overall privacy and security online.
Ready to test the strength of your passwords? Try the free and secure Bitwarden Strength Tester.
Why strength checkers are password security motivators
When people open an electronic account, they’re usually asked to create and enter a password. The system might suggest an auto-generated password it deems highly secure. Once the user enters a chosen password, the security checker displays its ranking using categories such as “weak,” “fair,” and “strong.” It sometimes depicts the result graphically, such as with a color-coded bar, to grab the user’s attention.
As depicted in the password strength test chart, the greater the password’s length, complexity, and randomness, the stronger it is. To objectively calculate the strength, security checkers award points to longer passwords and those that use a full combination of symbols, numbers, and uppercase and lowercase letters. Similarly, most checkers deduct points when passwords contain easily guessed words and, often, those that repeat two or more letters or digits in a row—characteristics that make them easier for hackers to compromise.
Carnegie Mellon University research has found that password security checkers do indeed improve password strength and security, particularly if the checker is strict in its scoring. It also indicates that showing a password’s score in numeric or graphical form motivates users to create stronger passwords than they otherwise would.
Password security progress and challenges
To authenticate users in today’s digital world, electronic systems might use a combination of a user name, email address, password/passcode/personal identification number (PIN), the answer to a security question, and other challenges that rely on information the user knows.
In today’s world, weak or reused passwords will not keep you protected. Plus as computer power and connectivity increase, so do the capabilities of hackers looking to crack more accounts.
The cybersecurity/hacking race is neck and neck, with the “good guys” diligently trying to stay a step ahead of the computer-automated dictionary and brute-force capabilities hackers use to breach user identity, accounts, and organizational data repositories.
An effective cybersecurity approach strikes just the right balance between protection and usability. If security procedures become overly intrusive or time-consuming, users are more likely to circumvent them. At the same time, making security standards too simple increases risk.
This gap is reflected in recent studies. For example, it’s estimated that while 93% of people are aware of password security best practices, 84% still admit to reusing passwords across more than one site, according to 2022 research by Bitwarden.
Who can blame them? Most of us have tens, if not hundreds, of online accounts. Even people with impeccable memories find it impossible to remember complex strings of random information that can be 10 characters or longer, without a memorable pattern.
WebTribunal.net, an independent review site for tech, financial, and business-related services, reported the following eye-opening statistics in April 2022 that further illustrate what we’re up against:
The password "123456" is now used by more than 23 million people.
Compromised credentials are the most common cause of malicious attacks, accounting for 61% of breaches.
59% of Americans use a person’s name or a family member's birthday as a password.
Two out of every five people have had their identities hacked, passwords compromised, or sensitive information breached because of duplicate and outdated passwords.
Password tips, solutions, and best practices
The solution to lax user behaviors has multiple dimensions, starting, of course with user education about password security best practices. In addition, the software industry is working to make passwords stronger yet simpler to use. For example, a strong password generator creates difficult-to-crack passwords; security checkers verify a password is strong enough to protect your online data, and password management software circumvents the memorization problem altogether. Secure password managers, such as Bitwarden, put all your passwords in an end-to-end encrypted database and require you to remember only one master password that unlocks your password vault.
Moreover, passwords are increasingly being used in conjunction with two-factor and multi-factor authentication that introduce additional data verification points to thwart hackers. In these setups, passwords combine with other user-unique information —a biometric fingerprint, for example, or a one-time code sent to a user's smartphone number or email address. Some setups add CAPTCHA challenges, requiring the user to perform a task that an automated password-cracking bot can’t do, such as clicking on specific items in an image.
Keeping in mind the importance of security-usability balance, it’s a good idea to:
Educate employees and consumers about the risks of weak and reused passwords.
Require hardened passwords with assistance from a security checker that stringently evaluates their strength.
Implement a password manager, so users don’t have to memorize many complex and frequently changing passwords.
Use two- or multi-factor authentication to make the hacker’s job harder.
To learn more about the latest password and security trends, read Bitwarden’s 2022 second annual survey results. For a summary of U.S. federal security practices and advice, download Bitwarden’s February 2022 report.
Getting started with password management
A password manager is a software solution that enables you to safely generate, store, and manage personal or business account login credentials. With this technology, the process of generating and maintaining long, complex, and random passwords is easier and far more secure than generating complex passwords manually.
Bitwarden is a strong password manager designed to securely store all of your logins across all of your devices. Bitwarden offers plans that are ideal for both individuals and businesses. Find the plan that best fits your needs.