[Windows] Audit (some) passwords with Password Security ScannerDecember 21, 2011 4 Email article | Print article
Think you (or someone you know) have weak passwords? Then you (or the person you know) need to read dotTech’s advice on how to have strong passwords. Still unsure about your (or someone else’s) passwords? Then give Password Security Scanner a try.
What Is Password Security Scanner
Password Security Scanner is a small utility (created by our favorite NirSofer from NirSoft) that audits passwords. It scans your computer for relevant passwords and, without actually showing the passwords, displays the following security information regarding each password:
- Item Name: The name of the item. For Web site passwords, the address of the Web site is displayed. For email passwords, the email address is displayed.
- Password Type: The type of the password: Web Browser, Messenger, Email, or Dialup/VPN.
- Application: The application that stores the specified password item: Microsoft Outlook, Firefox, Internet Explorer, and so on…
- User Name: The user name that is used with the specified password item.
- Password Length: The total number of characters in the password.
- Numeric: The total number of numeric characters (0 – 9) in the password.
- Lowercase: The total number of lowercase characters (a – z) in the password.
- Uppercase: The total number of uppercase characters (A – Z) in the password.
- Other Ascii: The total number of non-alphanumeric characters in the password.
- Non-English: The total number of non-English characters in the password.
- Repeating: The total number of repeating characters in the password. For example, if the password is abcdab, then the ‘Repeating’ value will be 2, because both a and b characters appears more than once.
- Password Strength: The strength of the password, calculated according to number of parameters, including the total number of characters, number of repeating characters, type of characters used in the passwords, and more…
The numeric value displayed in this column represents the strength of the password, according to the following list:
- 1 – 7: Very Weak
- 8 – 14: Weak
- 15 – 25: Medium
- 26 – 45: Strong
- 46 and above: Very Strong
- Windows User: The Windows user that owns the password. For most passwords, this column will display the current logged-on user. However, for Dialup passwords of Windows, you might also see the passwords of other Windows users, and in those cases, this column will display the Windows users that created the dialup password.
Does It Work On All Passwords?
No. Password Security Scanner currently only works with a handful of applications, with NirSofer promising to add support for more applications in later updates.
The applications who’s passwords Password Security Scanner can currently audit are:
- Internet Explorer (version 4 through 9)
- Firefox* (all versions)
- Dialup/VPN passwords of Windows**
- MSN/Windows Live Messenger
- Microsoft Outlook
- Windows Mail
*Password Security Scanner won’t be able to audit Firefox passwords if a master password is used.
**Users must run Password Security Scanner with administrator access in order to get dialup passwords.
Does It Crack My Passwords?
No. Password Security Scanner does no cracking. All passwords it audits are freely available by the specific application that stores it. For example, unless you use a master password in Firefox, any and all stored passwords are available to anyone that looks under Options -> Security -> Saved Passwords. Password Security Scanner simply scans for these freely-available passwords.
To assist in not wasting your time looking at “strong” passwords, Password Security Scanner has the ability to not audit passwords longer than X characters (you set X) and/or to only display passwords with strength lower than X (you set X):
The Advanced Options are found via Options -> Advanced Options.
As with all NirSoft apps, Password Security Scanner: Can generate an HTML report of the results; save results in a TXT, CSV, or XML file; can copy results; and has a built-in search function.
Although Password Security Scanner has limited usefulness since it only supports a handful of programs, it is a very good self-check tool for people who tend to use weak passwords; and it is very useful for helping friends and family improve their passwords. If nothing else, then Password Security Scanner can at least show people how vulnerable your passwords are when stored in some applications, e.g. Firefox’s password saver.
You can grab Password Security Scanner from the links below:
Version reviewed: v1.00
Supported OS: Windows 2000/XP/Vista/Win7
Download size: 60-120 KB depending on the version you download
Malware scan: Jotti malware scan results (0/20)