CSCD 303 Lab 2
Passwords, You and Your Friends

Due: Monday, Feb. 3rd


In this lab you will be learning about your passwords, the strength of them as security access controls and testing some of your friends and family passwords too.

Tasks and Questions

1. Read background articles on Passwords and their strengths. See links below.
Password Advice from
Passwords from Wikipedia
Dale Swanson Blog Password Advice

2. Apply What you Know at On-line Password Sites
You will try your own passwords at these sites. Report for each the score or assessment of your password - How long to crack. Read the Haystack site to understand what they are doing. Also try a couple of made up passwords and report what the score is for them.
1. Password Strength checker
2. Haystack Idea - Brute Force - from Gibson Research Corp
3. On-line Domain Tools Password Checker
4. Dale Swanson Password Checker

3. Get other people's passwords. Be clever and ask your friends and family for their passwords.
a. You can ask them directly and promise not to use them ... kind of risky. Promise you will report back the security of their favorite passwords. OR .....
b. You can present them with your laptop and get them to type them into at least one of the sites above so they can see the strength of the passwords.
c. Record the results of their/your tests with others passwords.

4. Questions
1. What is the difference between a brute force attack and a dictionary attack?
2. How much does the length affect the password's strength?
3. Was it surprising to see what the Haystack site was presenting with regards to passwords?
4. What are the tradeoffs between completely random passwords and passwords people can recall?
5. What did you learn about the passwords used by you and your friends? Are they strong enough?

Turn in Instructions

1. Answer all the questions above.
2. You can include them in an email to me.
3. Put, CSCD303-Lab2 in the Subject line.