A password's strength depends on various factors (as discussed in the other sections of Password Analytics). Enterprises that use a password-based authentication system should ensure that their password system is strong and their passwords are secure, both in design and implementation. By performing strength tests, enterprises ensure that their password hashes are salted and that passwords have a minimum length, use a combination of lowercase and uppercase letters, numbers and special characters, and more. An organization can perform strength testing in multiple ways.
There are other ways to test the strength of passwords, or the design and implementation of secure applications, besides the ones discussed below. Our aim at Password Analytics is to educate our users about the most feasible ways, and hence we chose to discuss the techniques below.
Testing the system by feeding it passwords of varied lengths and strengths. This can be done by creating automated or scripted user accounts with random passwords to test the authentication system and determine whether it accepts user passwords that do not comply with the policy; in other words, weak password acceptance testing.
Testing the system and its stored passwords by attempting to crack passwords using rainbow-crack, dictionary, hybrid or brute-force attacks, thereby testing not only the authentication system and the password strengths but also the perimeter system, the implementation of the authentication failure policy and various other aspects of security.
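The weak password acceptance test described above can be scripted as follows. This is an added example, not code from Password Analytics: the minimum length of 12, the special-character set, the `try_register` callback and the deliberately flawed `flawed_register` stand-in for the system under test are all assumptions. Each generated password breaks exactly one policy rule, so an accepted password points at the specific check the system fails to enforce.

```python
import secrets
import string

MIN_LEN = 12  # assumed policy value; the page does not state a number
CLASSES = {   # character classes named by the policy; the special set is an assumption
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+",
}

def make_password(length=MIN_LEN + 4, omit=None):
    """Random password containing every character class except `omit`."""
    pools = [chars for name, chars in CLASSES.items() if name != omit]
    picks = [secrets.choice(pool) for pool in pools]  # one from each kept class
    alphabet = "".join(pools)
    picks += [secrets.choice(alphabet) for _ in range(length - len(picks))]
    secrets.SystemRandom().shuffle(picks)
    return "".join(picks)

def candidates(per_rule=20):
    """Yield (violated_rule, password); each password breaks exactly one rule."""
    for _ in range(per_rule):
        yield "min_length", make_password(length=MIN_LEN - 1)
        for name in CLASSES:
            yield name, make_password(omit=name)

def acceptance_test(try_register, per_rule=20):
    """Return {rule: count} of non-compliant passwords the system accepted."""
    accepted = {}
    for rule, password in candidates(per_rule):
        if try_register(password):
            accepted[rule] = accepted.get(rule, 0) + 1
    return accepted

def compliant_accepted(try_register, n=20):
    """Control run: fully compliant passwords must all be accepted."""
    return all(try_register(make_password()) for _ in range(n))

def flawed_register(password):
    """Constructed system under test: it never checks for a special character."""
    return (len(password) >= MIN_LEN
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))

if __name__ == "__main__":
    print("control passed:", compliant_accepted(flawed_register))
    print("weak passwords accepted per rule:", acceptance_test(flawed_register))
```

Against a real deployment, `try_register` would wrap the account-creation call of a test environment and return whether the account was created; an empty result together with a passing control run means every rule is enforced.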