TechSpot

What makes a password strong?

By Jskid
Jun 15, 2011
Post New Reply
  1. I googled for "password strength test" and upon trying many out I found they give drastically different ratings. What really makes a password strong? For example it's easy to remember a phrase but hard to mix numbers and grammar in, so is long and logical or short and random better?

    I noticed some of the tests took points off for consecutive numbers or letters, what's the point of this?
  2. jobeard

    jobeard TS Ambassador Posts: 13,407   +314

    strong passwords: one that is hard to guess or programmatically conjure.

    weak passwords have these characteristics:
    • patterns; aaa..., 111..., abcd..., 1234...,
    • any word in a dictionary
    • any fact associated with you, your location, your famliy;
      eg: names, addresses, phone numbers
    all of these can be programmed for successive attempts to find the password that works.
    The common defense against this attempt is to allow only a limited number of retries and then refuse access or force a reboot - -
    the intruder will get frustrated in the time loss and just abandon the effort.

    Strong passwords have these characteristics:
    • mixed CasE charACters
    • PLUS contain at least one numeric value
    • PLUS contain at least one special character {@#$%(-+.,!}
    • AND have a length of 8 or more (more being better).

    As to testing password strength - - totally an arbitrary implementation to verify the
    absence of the weak and to evaluate the use of the strong.
  3. Jskid

    Jskid TS Enthusiast Topic Starter Posts: 429

    So the password t345z is weaker than t294z? But if the password guesser is going in a sequential order wouldn't these be the same?
  4. jobeard

    jobeard TS Ambassador Posts: 13,407   +314

    no, both are about the same as there are both numbers and letters.
    the sequences noted in weak passwords applies to a pure sequence without pre/post characters, eg - passwords like 12345678 which is trival compared to t345z
  5. skipper86

    skipper86 TS Rookie Posts: 19

    use special characters in your password..!! it makes your password really strong..!
  6. Jskid

    Jskid TS Enthusiast Topic Starter Posts: 429

    Would a password of 5 English words be stronger than 7 completely random characters?

    e.g. "I wake up at seven" vs "f34j!_)"
  7. mike1959

    mike1959 TS Addict Posts: 1,060   +19

    Password strength

    Using any real english words, won't make a strong password, no matter in what order, or what words are used. A computer can search through lists of real words in seconds.
    A 'strong' password, is one that has no logic for a computer to follow, so that means upper and lower case mixed, numbers and punctuation marks in a random order.
    But a password CAN be cracked, if enough time and computer power is available !!


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.