Objective
The primary objective of this experiment is to assess the strength of a commonly used password using the PortSwigger Password Strength Tester. The experiment demonstrates how weak passwords are easily guessable and highlights the importance of creating strong, complex, and unique passwords as a fundamental aspect of cybersecurity and personal data protection.
⚙️ Steps Performed
Accessed the Tool
Navigated to the official website of PortSwigger and opened the Password Strength Tester tool, a widely recognized utility used to test password robustness against common attack patterns.
Entered a Sample Password
Entered the password "rohan123", which reflects a typical weak password. It includes a name (which could be easily guessed or found on social media) and a simple numeric sequence, making it vulnerable to brute-force or dictionary attacks.
Initiated Evaluation
Clicked on the "Establish password strength" button to analyze the entered password. The tool evaluated the password based on entropy, common patterns, dictionary matches, and other heuristics.
Analyzed the Results
Observed that the password was flagged as "very weak", with suggestions provided for creating a stronger alternative. The tool explained why this password is insecure and how attackers could compromise it quickly using automated tools.
Passwords like "rohan123" combine a name with simple digits — a predictable pattern vulnerable to dictionary or brute-force attacks.
Attackers can easily guess such passwords using automated scripts or precompiled lists.
Strong passwords should include:
Uppercase and lowercase letters
Numbers
Special characters
Minimum 12–16 characters
Users should also enable Multi-Factor Authentication (MFA), which adds a second layer of security that still protects the account if the password is compromised.
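The following is an added example, not PortSwigger's code and not part of the original experiment: a minimal Python sketch of the kind of check described above, comparing a naive character-set entropy estimate with a pattern-aware one and applying the listed criteria. The word list, the assumed attacker wordlist size, and the rating thresholds are illustrative assumptions.

```python
import math
import re
import string

# Constructed sample list; a real check would load a large name/breached-password list.
COMMON_WORDS = {"rohan", "password", "admin", "welcome", "qwerty"}
ASSUMED_WORDLIST_SIZE = 100_000  # assumption: size of the list an attacker tries

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def charset_bits(pw):
    """Naive estimate: length * log2(pool of the character classes in use)."""
    pool = sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def pattern_bits(pw):
    """A word-plus-digits password costs only wordlist_size * 10^digits guesses."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", pw)
    if m and m.group(1).lower() in COMMON_WORDS:
        return math.log2(ASSUMED_WORDLIST_SIZE * 10 ** len(m.group(2)))
    return None

def assess(pw, min_length=12):
    """Return effective bits, a rating, and the reasons the password is weak."""
    naive, patt = charset_bits(pw), pattern_bits(pw)
    bits = naive if patt is None else min(naive, patt)
    findings = []
    if patt is not None:
        findings.append("dictionary word followed by digits")
    if len(pw) < min_length:
        findings.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            findings.append(f"no {name} character")
    # Rating thresholds are illustrative assumptions, not the tool's own.
    if bits < 28:
        rating = "very weak"
    elif bits < 50:
        rating = "weak"
    else:
        rating = "fair" if findings else "strong"
    return {"naive_bits": naive, "bits": bits, "rating": rating, "findings": findings}

if __name__ == "__main__":
    for sample in ("rohan123", "T7#vLq9!mZx2@pWd"):  # constructed samples
        print(sample, assess(sample))
```

For "rohan123" the naive estimate is about 41 bits, but the pattern-aware estimate drops to about 27 bits, which is why a length-and-charset rule alone overrates name-plus-digits passwords.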