Google password strength assessment
Recently I published a description of the password strength estimation algorithm from Microsoft ( Part 1 and Part 2 ). Now you can see what Google offers.
I encountered this check when changing my password in Gmail. Unlike Microsoft, which implemented validation with JavaScript (available for analysis), Google checks with an Ajax request to its own service.
Here is the request - you can experiment.
Passwd - password check
Returns the number 1-4, corresponding to the strength of the password.
')
Experiment! My first impressions are below the baseboard.
Upd . This paranoid thought brought one of the comments below. In addition to the password itself, the Last Name, First Name, and Date of Birth is transmitted to this service (if the password is changed to gmail). IP data can be taken from the browser. Does Google gather up too much information about us in a simple password check for persistence, and how does this relate to the legislation on the processing of personal information?
I encountered this check when changing my password in Gmail. Unlike Microsoft, which implemented validation with JavaScript (available for analysis), Google checks with an Ajax request to its own service.
Here is the request - you can experiment.
http://www.google.com/accounts/RatePassword?Passwd=PsWD Passwd - password check
Returns the number 1-4, corresponding to the strength of the password.
')
Experiment! My first impressions are below the baseboard.
Upd . This paranoid thought brought one of the comments below. In addition to the password itself, the Last Name, First Name, and Date of Birth is transmitted to this service (if the password is changed to gmail). IP data can be taken from the browser. Does Google gather up too much information about us in a simple password check for persistence, and how does this relate to the legislation on the processing of personal information?
Source: https://habr.com/ru/post/117132/
All Articles