Sunday, May 13, 2012

Are Your Passwords Complex Enough?

One of the common rules of password security is to never pick a dictionary word, or a minor substitution of a dictionary word, as a password. Despite this well-known adage, many password complexity filters verify the number of uppercase, lowercase, numerical, and special characters, as well as length, yet never check whether the password contains a dictionary word. In this article, I demonstrate the development of a Perl-based password complexity filter that checks whether a password contains a dictionary word or a minor variant of one. The article can be accessed here: The Development of a Perl-based Password Complexity Filter
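The gap described above, as an added sketch that is not code from the linked article or from Data::Password::Filter: a composition check passes passwords that a dictionary check rejects once common substitutions are undone. The word list, the substitution table, and the function names are constructed assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample word list; a real filter would load a full dictionary file.
my @DICTIONARY = qw(password dragon monkey summer welcome);

# Common single-character substitutions (assumed table, extend as needed).
my %LEET = ('0' => 'o', '1' => 'l', '3' => 'e', '4' => 'a', '5' => 's',
            '7' => 't', '@' => 'a', '$' => 's', '!' => 'i');

# Lowercase the candidate and undo substitutions so "P@ssw0rd" becomes "password".
sub normalize {
    my ($password) = @_;
    my $norm = lc $password;
    $norm =~ s/(.)/exists $LEET{$1} ? $LEET{$1} : $1/ge;
    return $norm;
}

# Return the first dictionary word (at least $min_len letters) found in the
# normalized password, or nothing if there is no match.
sub dictionary_hit {
    my ($password, $min_len) = @_;
    $min_len //= 4;
    my $norm = normalize($password);
    (my $letters = $norm) =~ s/[^a-z]//g;   # also catch words split by digits or symbols
    for my $word (grep { length($_) >= $min_len } @DICTIONARY) {
        return $word if index($norm, $word) >= 0 || index($letters, $word) >= 0;
    }
    return;
}

# Classic composition check: length plus four character classes.
sub meets_composition {
    my ($password) = @_;
    return length($password) >= 8
        && $password =~ /[A-Z]/ && $password =~ /[a-z]/
        && $password =~ /[0-9]/ && $password =~ /[^A-Za-z0-9]/;
}

# Constructed candidates: the first three pass composition but contain a word.
for my $candidate ('P@ssw0rd1!', 'Dr4g0n#2012', 'Sum-mer99X', 'kT7#vq9Lw!xZ') {
    my $hit = dictionary_hit($candidate);
    printf "%-14s composition=%-4s dictionary=%s\n", $candidate,
        (meets_composition($candidate) ? 'ok' : 'fail'),
        (defined $hit ? "REJECT ($hit)" : 'ok');
}
```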

For anyone interested in using this methodology in their own Perl applications, the technique described in the article has been incorporated into the Data::Password::Filter module by Mohammad S Anwar. The Perl module can be found here:

