It’s no secret that using passwords like “1234″, “qwerty”, “password” and any similar easily-guessable variants is a very bad idea, and one that could see your web account hacked before you can say “I guess that was my fault, really”.
Okay, so you know this, but do all the other users on your PC? What kind of password choices are they making? If you’re curious, then NirSoft’s latest release, Password Security Scanner, can help you find out.
Launch the program and it scans your system for saved passwords in all its supported application: Internet Explorer, Outlook, Windows Messenger, Windows Live Mail and Firefox (though the latter can’t be accessed if they’re protected by a master password).
And in just a second or two you’ll see whatever the program has found: the application, username, key details about the application (its length, number of numeric, lower or upper case characters, and so on), as well as a numeric measure of its strength. Which the author defines as, Very Weak: 1-7, Weak: 8-14, Medium: 15-25, Strong: 26-45, and Very Strong: 46 or over.
What you won’t see, however, is the password itself. This is good in one way, as it allows you to spot problems — a very short password, say — without the users in question feeling like their privacy has been too compromised. But of course it also means that users will be able to use dictionary words and very common passwords without the program picking it up, which is a definite weakness.
Still, if you’re not currently auditing the passwords stored on your PC at all, then using the Password Security Scanner will already be a very big step forward. And author Nir Sofer has also said that he’ll be adding support for accessing the passwords stored in additional applications, so we’ll be interested to see what happens in future versions.