Complexity and Hackability


Time to crack using core(s):


The password can be randomly generated using the green "Generate" button, or typed directly in if the field is "Writeable".

When the password field his in "password" mode (e.g. the chars are masked by black dots), a visual colored hash appears in its background.
It comes in completion with the VisualHash image available in the options.

All of them intend to make it easy for you to remember your password.

1) QRCodeHash

The QRCode hahs displays a QRCode representing a SHA256 hash of the given password. However, it remains quite complicated for some people to remember their passwords using this way, especially when there are a lot of chars.

2) VisualHash

The VisualHash displays, as its title say, a visual representation of the hash of the given password. This way, you can easily remember the shape and the colors that are displayed, and therefore recognized it while typing your password again (in a password field with hidden chars), without anyone being able to spy over your shoulder.

3) Password spelling

The password spelling intend to give you several mnemonic ways of remembering your password, using words.

Protect It! offer three ways for you to check on your password's skills:

1) Complexity

Your password's complexity is described in percentage, so you have live information about how hard your password is to crack.
Complexify's default settings will enforce a minimum level of complexity that would mean brute-forcing should take ~600 years on a commodity desktop machine.
The 'perfect' password used to scale the complexity percentage would take 3x10^33 years. These are equivalent to a 12 character password with uppercase, lowercase and numbers included, and a 25 character password with uppercase, lowercase, numbers and a wide range of punctuation.

2) Hackability

This is the hack meter that every site should show when you're creating an account with them. It tells you how many possible passwords it is possible to make based on the length and character classes used.
The password "1p" has 2 characters, one a lowercase letter and the other one a number. To brute force this password, there are 26 possible letters and 10 possible numbers which is (10 + 26) * (10 + 26) = 1,296 possibilities.Less than a second to crack!
These numbers are only for demonstration purposes. Please do your own research on password security!
The numbers are derived from hashcat's site.

3) Strength

The jQuery Password Strength Meter is a plugin for Twitter Bootstrap that provides rulesets for visualy displaying the quality of a user typed in password.
It will show a colored bar right under the password field, indicating the password's strength that most websites will consider valid.
N.B: This feature is different from the complexity, which is explained above.

Designed and developed by Raphaël MARQUES, "Protect It!" is a web-based solution created for a project.
The goal of this application is to help create safe and secure passwords, while remembering them without having to write them down somewhere.

My name is Raphaël MARQUES, 22 y.o. and I'm currently studying Computer Science at the EPSI Bordeaux engineering school (33000, France).

My beta testers: Bastien, Yoann, Fabrice
Geek's password meter: Link
VizHash: Link
VisualHash: Link
QRCode: Link
Complexify: Link
SHA256: Link
Bootsrap Password strength: Link