OWASP Passfault

Revision as of 17:56, 31 January 2014 by Cam Morris (Talk | contribs)

Jump to: navigation, search

OWASP Project Header.jpg

OWASP Passfault

OWASP Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple.


Measures the size of password patterns and identifies more weak passwords, yet allows strong passwords that don't match traditional password policies
Provides detailed analysis of the password and sub patterns within the password, so users quickly learn how to make strong passwords without training.
Presents the password strength as the "time to crack" to help communicate the risk of poor paswords, providing the incentive to create stronger passwords.
Empowers administrators to know and control the strength and risk of the organization's passwords.


When setting a password, OWASP Passfault examines the password, looking for common patterns. It than measures the size of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength.

When setting a password policy, OWASP Passfault simplifies configuration to one simple meaningful measurement: the number of passwords found in the password patterns. This measurement is made more intuitive and meaningful with an estimated time to crack.


OWASP Passfault is free to use. It is licensed under the [Apache License version 2.0] .

What is Passfault?

OWASP Passfault provides:

  • xxx
  • xxx


Link to presentation

Project Leader

Cam Morris

Related Projects

Quick Download

  • Link to page/download

News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1

In Print

This project can be purchased as a print on demand book from Lulu.com


Owasp-incubator-trans-85.png Owasp-builders-small.png
Project Type Files CODE.jpg



XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx


  • xxx
  • xxx

As of XXX, the priorities are:

  • xxx
  • xxx
  • xxx

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Passfault (home page)
Purpose: Passfault evaluates password strength and enforces password policy. It identifies patterns in a password then enumerates how many passwords fit within the identified patterns. This approach is more accurate and more intuitive. It allows administrators to know and control password risk, instead of hoping that users will create strong passwords.
License: http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License v2 (ASLv2)
who is working on this project?
Project Leader(s):
  • Cam Morris @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Cam Morris @ to contribute to this project
  • Contact Cam Morris @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
last reviewed release

other releases