All criterias marked with * are basic requirements. A certain number if these requirements has to be met to
get the bonus, otherwise a penalty is applied.
The character count is one of the most important factors of a password. The longer the better.
A minimum length is required.
Sadly enough, not all systems support long passwords.
This criteria represents the recommended password length. So passing or exceeding this value
gives the password an additional bonus. Besides that, you have additional confidence that your
password is harder to crack.
Lowercase letters are one type of characters that should be used to increase to amount of possible
characters in the password. You increase the "alphabet" size by using from a wide range of characters.
Uppercase letters are important to make your password as difficult as possible to break. Place the uppercase
letters not only at the beginning but also at unexpected positions.
Numbers enhance the available alphabet and make your password harder. Try to avoid typical easy to guess numbers, such
as years, birthdays, or common numbers like the famous 42.
Symbols are the main incredient of a good password. First of all the alphabet gets bigger, secondly you brake the common
pattern of having a plain word. So, instead of "Hammer", you write "H*mme/" or even better "Ha@m-mer!".
Numbers at the end are really common, so we give your password an additional bonus when you put your numbers in the middle.
A lot of people use symbols to enhance their passwords, but they simply put the stuff at the end, so we honor symbols in the middle.
Many users tend to use easy to remember patterns, such as "abc" or "rst". So we try to avoid that and apply a penalty when we
discover such a pattern.
Also easy to remember number combinations are evil when used in a password, because they are easy to guess. We will apply a penalty when
we discover patterns, such as 012 or 789.
Just typing the keys that are close to each other on the keyboard is something easy to remember but also one of the first attack
vectors for a password crack. We will penalize patterns from German and English keyboards.
A password becomes weak when it repeats the same patterns and phrases over and over again. For instance, "Tsae3-Tsae5" looks nice, but
contains too much redundancy, so we apply a penalty.
The penalty is only applied, when the recommended password length is not reached.
Repeating a sequence in reverse order does not make the password stronger, so we make it a good practice to avoid that.
The penalty is only applied, when the recommended password length is not reached.
Including years such as your birthday or common events from the near past or future (e.g. 1910, 1972, 2042) just makes it
easier to guess or break the password or password hash.
The penalty is always applied.
Check on HaveIBeenPwned.com if the password has been compromised in a data breach (hundred of millions leaked passwords database).
The password is NOT send on Internet while testing it. Technichal explainations on:
https://haveibeenpwned.com/API/v3
🔴 Present in leaked databases, don't use this one!
🟢 No database leaked with this password.