Relatively, shorter passwords, especially passwords without symbols, will also be relatively weaker. Passsphrase recommends that you use at least ten characters. In fact, the form will not accept less than six for a length. Making a password pronounceable (and frankly some of these pronounceable passwords will still be a mouthful) also makes that password relatively weaker.
A good password should make it relatively more difficult for malevolent folks to guess it.
The term password strength is used to describe the relative effectiveness, if you will, of a particular password to withstand brute-force or repeated guess attacks.
With this in mind, Passphrase considered several factors. What character set did the password use. Did it have letters, numbers, and symbols. Were the letters both upper and lower case? Were there sequences or pairs in the password? And was the password one of the 10,000 most common English passwords?
Finally, Passphrase considered the length of the password, multiplying a password score factor by the number of characters in "e6*d9a4@E9b16d)."
|Factor||Result for "e6*d9a4@E9b16d)"||What it Means|
|Overall Password Strength||1155||
This is the overall Passphrase password strength score for "e6*d9a4@E9b16d)."
Scores below 250 represent relatively weak passwords. Scores from 251 to 500 represent passwords that are fair. Scores from 501 to 800 represent strong passwords. A password strength score between 801 and 1000 would be very strong, and a password with a strength score greater than 1000 is crazy strong. Thus, "e6*d9a4@E9b16d)." is a Crazy Strong password.
|Has Letter Characters||true||
The size of the character set a password makes use of has a significant impact on strength. Passphrase checked for English letter chacters to get an idea of the size of the character set.
|Has Uppercase and Lowercase Letters||true||
Using both uppercase and lowercase letters increases the relative size of the character set, potentially making a password stronger.
Sensing a pattern? Including numbers increases the size of the character set. As an example, one measurement of password strength is something called entropy, which is measured in bits.
A password using just Arabic numerals (numbers) will need to be 20 numbers long to have an entropy of 64 bits, but a password using numbers, uppercase letters, and lowercase letters would need just 11 characters to have an entropy of 64 bits.
Symbols will, again, expand the character set, and make for a much stronger password.
|Has Paired Letters, Numbers, or Symbols||true||
Passphrase deducts a very small amount for passwords that have paired letters, numbers, or symbols. Examples include, aa, 11, and ??.
|Has Numeric Sequences||false||
Believe it or not, 123456 is one of the most commonly used passwords in the world, and it is, therefore, weak. Passphrase deducts for numeric sequences.
|Has Alphabetical Sequences||false||
The password abcdef is right up there with 123456 as one of the most commonly used passwords, so Passphrase checks for alphabetical sequences and subtracts from the password's strength score if any are found.
|Has Reverse Alphabetical Sequences||false||
Passphrase also tests for reverse alphabetical sequences, so cba not just abc. Again, if such a sequence is found, points are subtracted from the password's score factor. A reverse alphabetical sequence has a relatively smaller penalty than an alphabetical sequence.
|Has "QWERTY" Sequences||false||
Keyboard smashing is not a recommend method for creating strong passwords, so Passphrase looks for letter sequences found on a QWERTY keyboard.
|Has Reverse "QWERTY" Sequences||false||
Passphrase also checks for reverse QWERTY keyboard sequences, so ytrewq as well as qwerty.
|Has or Includes a Common Password||false||
Passphrase compared "e6*d9a4@E9b16d)" to a list of 10,000 common English passwords.
Passphrase creates a score factor for each password it tests. That score factor is multiplied by the number of characters in a given password to generate the overall score.
In this case the password "e6*d9a4@E9b16d)" earned a score factor of 77 which was multiplied the number of characters in "e6*d9a4@E9b16d)" (15 in this case) for an overall score of 1155.
It is important to remember that password length is very different from password strength. A longer password is not necessarily stronger, but when one uses a large character set, a longer password can become more challenging to guess.