What makes a password strong?

Jskid

I googled for "password strength test" and upon trying many out I found they give drastically different ratings. What really makes a password strong? For example it's easy to remember a phrase but hard to mix numbers and grammar in, so is long and logical or short and random better?

I noticed some of the tests took points off for consecutive numbers or letters, what's the point of this?
 
strong passwords: one that is hard to guess or programmatically conjure.

weak passwords have these characteristics:
  • patterns; aaa..., 111..., abcd..., 1234...,
  • any word in a dictionary
  • any fact associated with you, your location, your family;
    eg: names, addresses, phone numbers
all of these can be programmed for successive attempts to find the password that works.
The common defense against this attempt is to allow only a limited number of retries and then refuse access or force a reboot - -
the intruder will get frustrated in the time loss and just abandon the effort.

Strong passwords have these characteristics:
  • mixed CasE charACters
  • PLUS contain at least one numeric value
  • PLUS contain at least one special character {@#$%(-+.,!}
  • AND have a length of 8 or more (more being better).

As to testing password strength - - totally an arbitrary implementation to verify the
absence of the weak and to evaluate the use of the strong.
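
Added example, not part of the original post: one possible strength test of the kind described above, checking for the absence of the weak characteristics and the presence of the strong ones. The word list, the `personal_facts` parameter and the run threshold of 4 are assumptions made for illustration.

```python
# Constructed sample word list (an assumption; a real test would load a large one).
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "seven"}
SPECIALS = set("@#$%(-+.,!")  # the special characters listed in the post
MAX_RUN = 4                   # assumed threshold: runs this long count as a pattern

def longest_run(pw):
    """Longest repeated (aaa), ascending (abcd) or descending (4321) run."""
    if not pw:
        return 0
    best = rep = up = down = 1
    for prev, ch in zip(pw, pw[1:]):
        step = ord(ch) - ord(prev)
        rep = rep + 1 if step == 0 else 1
        up = up + 1 if step == 1 else 1
        down = down + 1 if step == -1 else 1
        best = max(best, rep, up, down)
    return best

def check_password(pw, personal_facts=(), words=SAMPLE_WORDS):
    """Return the list of rules the password fails; empty means all passed."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mixed case")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    if longest_run(low) >= MAX_RUN:
        problems.append("pattern run")
    if any(w in low for w in words):
        problems.append("contains a dictionary word")
    if any(f.lower() in low for f in personal_facts if f):
        problems.append("contains a personal fact")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ("12345678", "aaaaaaaa", "Dragon2024!", "Tr7#kQ9!vL"):
        print(sample, "->", check_password(sample) or "passes every rule")
```

Changing `MAX_RUN` or the word list changes the verdict, which is one reason different online testers rate the same password differently.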
 

So the password t345z is weaker than t294z? But if the password guesser is going in a sequential order wouldn't these be the same?
 
no, both are about the same as there are both numbers and letters.
the sequences noted in weak passwords apply to a pure sequence without pre/post characters, eg - passwords like 12345678 which is trivial compared to t345z
 
Would a password of 5 English words be stronger than 7 completely random characters?

e.g. "I wake up at seven" vs "f34j!_)"
 
Password strength

Using any real English words won't make a strong password, no matter in what order, or what words are used. A computer can search through lists of real words in seconds.
A 'strong' password is one that has no logic for a computer to follow, so that means upper and lower case mixed, numbers and punctuation marks in a random order.
But a password CAN be cracked, if enough time and computer power is available !!
 