

"…encourage your users to enter stronger passwords." - wlll
http://www.nakedpassword.com/

======
giberson
Personally I love it, however I will never ever be able to employ it on our
company website.

However, the concept of incentivizing the password entry field has inspired
me. Instead of something risqué like nudity, how about offering a coupon off
your first order (works for a commerce or service based site). I.e., as they
type, gradually increase a % from 1 to 5 (or higher, whatever you're willing
to offer).

I.e., a progression like:

      |asdf      | 
      |asdf12    | %1 off first order coupon
      |asdf12KL  | %2 off first order coupon
      |asdf12KL.!| %5 off first order coupon

~~~
pavel_lishin
And when your database is out in the wild, it'll let crackers know exactly
which passwords to go after first, and which ones not to bother with!

~~~
giberson
What now?

Your statement is a little confusing. All our passwords are munged with
encryption, they all look like hash garbage. How could they differentiate?

My only guess is that perhaps you've interpreted my comment as a database
entry, rather than a UI progression--and you think that "%1 off coupon" is
stored with the login table. That clearly wasn't what I was saying--that's a
poor design. I'm saying simply offer a coupon code to users if their password
validates certain levels of difficulty. It doesn't need to be tied to the
account in any way.

Also, I think that at the point of my database being in the wild, I'd think
hackers will be less focused on cracking a stored password and more
interested in trying to restore the encrypted payment details?

~~~
ktsmith
If your database is in the wild and you give a discount based on password
strength they could look at the first order for each account and start working
on the hashes associated with the smallest discounts first knowing those would
be the weakest passwords.

------
knowtheory
clothed to naked with just "1!aAA" :|

What is with HN recently? I just do not understand why the uber-creep factor
is out in force.

Even if the image set is replaceable and you don't have to use a naked lady,
that is the default demo, and the stated objective of the site is Strong
Password == Naked Lady.

Aside from the blatant sexist targeting, this is trying to take advantage of
entirely the wrong impulse. Associating a strong password with the human drive
for porn doesn't actually encourage any better understanding of strong
passwords or why they should be used.

If this were to be something like 'pwnyourpassword', and demonstrate how easy
it'd be to crack your password w/ a dictionary attack, then this wouldn't be
either as exploitative or crass.

Instead, the mechanism is, let's distribute pixel art of naked ladies to
incentivize instead of teaching/demonstrating.

Yeah, that's the society I want to live in. :|

~~~
there
_What is with HN recently? I just do not understand why the uber-creep factor
is out in force._

and yet:

 _clothed to naked with just "1!aAA" :|_

so you clearly spent some time trying to get it to display the naked lady even
after you knew what it was. creep.

~~~
knowtheory
/me laughs

Oh yes, there's a lovely false equivalency.

Figuring out what the mechanism for identifying strong passwords is != coding
and posting the tool above.

------
gmac
A sense of humour bypass alert applies to these comments:

I'm afraid I found this a bit confusing -- my initial thought was that more
nakedness might be associated with vulnerability/exposure, and therefore
indicate password _weakness_.

And aside from any sexism, making strong passwords NSFW might not have the
desired effect.

------
aba_sababa
This is cute, but personally, I've never been a fan of password character
requirements. Laissez-faire, and all that...the Internet has no business
telling me how to secure my profiles!

~~~
city41
I agree, and I really hate it when sites require specific formats for
passwords. However this is just a password strength meter (even if it's a poor
one) and not forcing anything on the user.

~~~
Xurinos
Yes... I object to password strength meters that do not accurately gauge a
password's strength but prevent you from entering the password of your choice.
For example, isn't "I agree, and I really hate it when sites require specific
formats for passwords." an amazingly strong password? Instant failure at many
places for not having a single digit in it. Ridiculous. If I made sure it was
completely lowercase, it would fail at a lot of other places.
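
The mismatch discussed in this sub-thread, as an added example that is not part of the thread and not the Naked Password plugin's algorithm: a character-class score next to a length-aware estimate with a common-password check. The function names, the 60-bit threshold and the small word list are assumptions made for illustration; the sample inputs are strings quoted in this thread.

```javascript
// Added illustration; neither function is the Naked Password plugin's code.

// Constructed sample list; a real deployment would load a large
// breach-derived list of known passwords instead.
const COMMON = new Set(["password", "123qwe", "123456", "qwerty", "letmein"]);

// Composition-rule score: one point per character class present.
// Length is ignored, which is the behaviour commenters object to.
function classScore(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/];
  return classes.filter((re) => re.test(pw)).length;
}

// Brute-force search space in bits: length * log2(alphabet size).
// This is an upper bound: dictionary words and natural-language
// sentences are guessed far faster than exhaustive search suggests.
function bruteForceBits(pw) {
  let alphabet = 0;
  if (/[a-z]/.test(pw)) alphabet += 26;
  if (/[A-Z]/.test(pw)) alphabet += 26;
  if (/[0-9]/.test(pw)) alphabet += 10;
  if (/[^A-Za-z0-9]/.test(pw)) alphabet += 33; // printable ASCII symbols incl. space
  return alphabet === 0 ? 0 : pw.length * Math.log2(alphabet);
}

// Advisory verdict: reject known passwords, warn (do not block) on a
// small search space, accept otherwise. The threshold is hypothetical.
function assess(pw, minBits = 60) {
  if (COMMON.has(pw.toLowerCase())) {
    return { verdict: "reject", reason: "common password", bits: 0 };
  }
  const bits = Math.round(bruteForceBits(pw));
  return { verdict: bits >= minBits ? "ok" : "warn", bits };
}

// Strings quoted in this thread.
const SENTENCE =
  "I agree, and I really hate it when sites require specific formats for passwords.";
const SAMPLES = ["1!aAA", "Aa2,;", "password", SENTENCE];

function compare(samples = SAMPLES) {
  return samples.map((pw) => ({ pw, classes: classScore(pw), ...assess(pw) }));
}

console.table(compare());
```

The five-character strings hit all four classes yet only earn a warning, while the sentence has no digit and still passes on length.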

------
michaelcgorman
Handling of special characters could use some improvement. For instance,
"Hello" (no quotes) has her in her underwear, but with "<H;>/", she still has
pants on. That said, this site is more about the presentation than the
algorithmic implementation; I'm sure someone will fork her on GitHub and teach
her to keep her clothes on longer.

------
alanh
Strength algorithm could use a bit of work, considering pixelbabe took her
shirt off for the password “password”.

~~~
CodeMage
Why write all that when you can get the shirt off with just "1", or any single
digit ;)

------
rmc
It assumes all your users want to see naked ladies.

~~~
petercooper
Yeah, I'd much rather it revealed progressively more of an interesting
algorithm implemented in C.

~~~
raganwald
Thomas runs into George at the coffee shop. "Wow!" George says, "Wait 'til you
hear what happened to me this morning. I was sitting here managing my adword
spend when I noticed a babe giving me the eye. Webmistress type, you know,
Macbook Air, deerstalker cap, and an 'I lost friends on the Death Star' tee
shirt stretched over an impressive pair of melons."

Thomas nods.

"She gets up, grabs the bathroom key, and heads into the disabled/family
bathroom. The one where you can get a lot of privacy. I use it to check on my
Ashley Madison affiliate income. Anyhow, she stops at the door and gives me an
unmistakable look. So I slip my laptop into my bag and follow her in."

Thomas licks his lips. George continues.

"The door closes. She pulls her shirt up over her head and I can see her
breasts are bursting out of a lacy bra. She looks me straight in the eye and
says the magic words: 'Take what you want.' So I did."

Thomas whistles in appreciation. "Good choice, the tee shirt was probably too
small. So, have you got Parallels running on it yet?"

------
teuobk
While it seems like there could be some issues with this in a (particularly
conservative) workplace, I think the concept is great: give users some
incentive to practice safe passwording.

------
biot
Aa2,; appears to be the shortest that gets the full monty.

~~~
pluies
That's probably one of the best comments to demonstrate the "engineer spirit":
no quibble about the sexism claims, the quality of the pixel art, or if it's a
good way to make people pick good passwords... Mere _optimization_.

------
shrikant
This is what I see: <http://i.imgur.com/UV9ca.jpg>

Can someone please explain what this is supposed to be...?

------
djhomeless
Will the password nazis please go home?

Sure, your shell account, bank website, ebay/amazon password should be very
secure, secure to the point of not needing to be prompted, but does every site
on the net, i.e. your blog, twitter, etc., need to have a min of 8 characters
w/at least one number and one capital?

Oh, agree with everyone here on the creepiness factor here...

~~~
drdaeman
I've seen many users typing their birth year, their first name or just
"123qwe" as their password. Way more than I'd ever expected.

I really doubt they understood the possible consequences. Restricting is
unacceptable, but warning against using a seemingly insecure password should be
perfectly fine.

------
drdaeman
GPL licensing would scare away many users, because "linking" gets really weird
on the web.

~~~
tzs
The source files say they are dual licensed under MIT and GPLv2.

------
bryanlarsen
This site illustrates one of my pet peeves with "password strength" meters:
punctuation doesn't increase your score. Mixed case does, numbers do, but
punctuation doesn't.

Correction: some punctuation does, but most don't.

------
51Cards
"Oh yes, I always use at least third base passwords"

------
rubyskills
An option to select your gender should def. be included :)

------
jwcacces
Her lips look like a mustache

