TechSpot

What makes a password strong?

By Jskid
Jun 15, 2011
Post New Reply
  1. I googled for "password strength test" and upon trying many out I found they give drastically different ratings. What really makes a password strong? For example it's easy to remember a phrase but hard to mix numbers and grammar in, so is long and logical or short and random better?

    I noticed some of the tests took points off for consecutive numbers or letters, what's the point of this?
     
  2. jobeard

    jobeard TS Ambassador Posts: 8,958   +587

    strong passwords: one that is hard to guess or programmatically conjure.

    weak passwords have these characteristics:
    • patterns; aaa..., 111..., abcd..., 1234...,
    • any word in a dictionary
    • any fact associated with you, your location, your famliy;
      eg: names, addresses, phone numbers
    all of these can be programmed for successive attempts to find the password that works.
    The common defense against this attempt is to allow only a limited number of retries and then refuse access or force a reboot - -
    the intruder will get frustrated in the time loss and just abandon the effort.

    Strong passwords have these characteristics:
    • mixed CasE charACters
    • PLUS contain at least one numeric value
    • PLUS contain at least one special character {@#$%(-+.,!}
    • AND have a length of 8 or more (more being better).

    As to testing password strength - - totally an arbitrary implementation to verify the
    absence of the weak and to evaluate the use of the strong.
     
  3. Jskid

    Jskid TS Maniac Topic Starter Posts: 341

    So the password t345z is weaker than t294z? But if the password guesser is going in a sequential order wouldn't these be the same?
     
  4. jobeard

    jobeard TS Ambassador Posts: 8,958   +587

    no, both are about the same as there are both numbers and letters.
    the sequences noted in weak passwords applies to a pure sequence without pre/post characters, eg - passwords like 12345678 which is trival compared to t345z
     
  5. skipper86

    skipper86 TS Rookie Posts: 19

    use special characters in your password..!! it makes your password really strong..!
     
  6. Jskid

    Jskid TS Maniac Topic Starter Posts: 341

    Would a password of 5 English words be stronger than 7 completely random characters?

    e.g. "I wake up at seven" vs "f34j!_)"
     
  7. mike1959

    mike1959 TS Evangelist Posts: 1,017   +51

    Password strength

    Using any real english words, won't make a strong password, no matter in what order, or what words are used. A computer can search through lists of real words in seconds.
    A 'strong' password, is one that has no logic for a computer to follow, so that means upper and lower case mixed, numbers and punctuation marks in a random order.
    But a password CAN be cracked, if enough time and computer power is available !!
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...