The internet began as a way to connect multiple computers and bridge interaction between them, regardless of vast distances or device type.
A common language of the internet was formulated, one that enabled different networks to communicate and share data, resulting in the interconnected world that we now inhabit. We do pretty much everything on the internet today, be it banking, shopping, dating, and more often than not, mindlessly perusing cat videos.
As is common knowledge, these websites hold sensitive user data, which, when accessed by the wrong hands, can wreak havoc for the site users and the company in question. Naturally, to circumvent this problem, websites require you to add a strong password when you first access the website.
As computers are getting stronger, so is their ability to crack passwords. Hence, it is advised to add different types of characters in your password.
This is also reflected in the form fields on new login processes, as they state it is mandatory to add characters like an uppercase word (A), a lowercase word (m), a number (7), a special character ( _, /, #, &, %, /), and a minimum number of overall characters (8-15), etc.
But how do these form fields assess the strength of your password and determine that you have successfully ticked off all criteria when it doesn’t store your every attempt at creating a new password on its local servers?
How does it seem to happen instantly on the form field without any lag or refreshing of the webpage?
Let’s take a look at how this seamless interaction is achieved.
Where is the password evaluated?
First, let’s briefly dive in to how websites work. A website consists of a group of individual web pages that are interconnected to display different parts of the website.
A web page uses text, images, videos, links, interactive fields, and buttons to communicate with you, the person who happens to land on the domain (e.g. https://www.scienceabc.com) of the website.
When you enter a web address (e.g. https://www.scienceabc.com) on a browser (Chrome, Firefox, etc.), the browser fetches the code that makes up the website from where the web server is hosted and displays this information on your screen. Every time you reload the screen or click on a new page of the website, this process is executed.
In the case of setting a new password, a condition can be added for the field that asks the user to form a password, including things like:
- Uppercase words (A, B, C)
- Lowercase words (a, b, c)
- Numbers (1, 2, 3)
- Special Characters ( _, /, #, &, %, /)
- A particular length of the password (8 – 15 characters)
The programmed script will keep watching the password field for your input and run it through its checklist of characters that must be added in your entry. In case any of them is missing, the script displays an error message stating exactly which characters you have failed to add in your password.
It will also gauge the strength of your password based on the complexity of your password; the more varied characters you use, the more difficult it is to crack your password.
Although this method is widely used, many websites are opting for a Single Sign-On (SSO) system for user access. SSO’s enable third-party websites to use user accounts from Google, Facebook, Twitter, etc. for authentication and a secure sign-in for visitors, without needing to create a new account specifically for that website, thus eliminating the hassle of keeping user logs.
This makes intuitive sense; as the number of websites you visit that require an authentication increases, the number of passwords you will have to remember will also increase, and who likes doing that?
However, this method of password validation will not completely vanish, as many websites also want a standalone entry for their users (online banking, stock trading, etc.), so you might want to keep snacking on almonds to keep that memory of yours strong enough for our modern myriad of multi-character passwords.