Why does Kaspersky warns that my WiFi password is weak when it is not?

[AndrewS]

I'm getting the following warning from Kaspersky Antivirus.

My WiFi password is 27 characters long and it was generated by 1Password (which says its strength is excellent).

Is it a weak password? Seriously? Easy to guess? I want to see somebody try...

The only reason I can imagine Kaspersky warns about it is that the password does not contain capital letters or numbers. It only contains lowercase letters and punctuation. Also, it is a combination of several unrelated words. This is a common practice in 1Password to generate passwords that are easier for people to enter (especially important on mobile devices where it is extremely difficult to enter complex random passwords). 

But the length of a password is what makes it difficult to brute-force - not its complexity. There are plenty of research articles on the Web that explain that - it is common knowledge.

So I interpret this warning as lame and it makes me doubt the professionalism of the Kaspersky team and undermines my trust in the product.

I'm running Windows 11 Pro and Kaspersky Premium (I cannot copy the version number from anywhere - only as a screenshot).

I checked a similar password of 4 random words with punctuation (not my password) in an external tool - just for example

 

[harlan4096]

Welcome to Kaspersky Community.

 

Check this link: https://support.kaspersky.com/common/windows/12779

 

Also: https://support.kaspersky.com/us/kfa/236366 (also a bit obsolete, but still valid)

 

Password recommendations resources for passwords in 224:

 

https://community.trustcloud.ai/article/nist-password-guidelines-2024-15-rules-to-follow/

 

https://www.itsasap.com/blog/nist-password-guidelines

 

https://www.ghacks.net/2024/05/09/how-long-does-it-take-to-crack-a-password-in-2024/

 

I think, nowadays, most of the online services requirements for password request upper and lower letters...

 

Anyway, check also if using AES, and if WPA3 available, would be even better...

[AndrewS]

None of the links you provided contradict the rationale of long passwords generated by 1Password.

More than that, this link https://www.itsasap.com/blog/nist-password-guidelines says in the very first rule:

> Password length matters the most.  

The provided articles are all good and fine, and I agree with them. They do not answer my question, though - why does Kaspersky say that a 27-character-long password, generated by a password manager tool, is weak all of a sudden?

Maybe because it was generated by a competitor? Or maybe it is a simple built-in rule - first thing, after the installation, let's just blindly say that the password is bad (and it does not matter what the password is), then force the user to change it, and steal it while we are at it? I can invent some more paranoid reasons for such behavior.... unless the Kaspersky team confirms it is a bug, which I believe it is.

[harlan4096]

Quote

Maybe because it was generated by a competitor?...

What? how could K. know that? 🤦‍♂️🤷‍♂️

 

Of course, I guess it is probably a built-in rule.

 

My Kaspersky Premium 21.18a did not force me to change any password in my router in any of my systems... nor even previous versions 21.17, .16, . 15...

[AndrewS]

here you have an example of a 12-character password with special characters and capital letters - it is a strong password and everything is fine with it

and here is a 27-character memorable password as generated by 1Password

is it weak? really?

5 minutes ago, harlan4096 said:

What? how could K. know that? 🤦‍♂️🤷‍♂️

I was joking 😄 

[Wesly.Zhang]

Hello,

Have you change the default wifi ssid name provided by manufacturer ?

Regards.