If you’re having trouble choosing a password that satisfies our strength meter, here are some helpful tips:
- Our strength meter is not just counting characters and numbers and capitals. It’s using a password-dictionary to restrict easy-to-hack passwords.
- Longer passwords are better.
- Avoid obvious character substitutions (known as “leet-speak”), such as “$” for “s” or “@” for “a”.
- Avoid only capitalizing the first letter, and ending with a number or symbol.
- Using common words is ok if you use enough characters.
- Avoid using common keyboard patterns, such as “qwerty”, “zxcv”, “789”, “123”, and so on.
For example, a password of “Pa$$w0rd123!” is not a good password by modern standards. It uses a dictionary word, it uses common leet-speak replacements, it starts with a capital letter, it ends in a symbol, and it includes a whole number which is a common pattern of sequential digits. It’s a human pattern, and modern password cracking systems are geared to specifically crack exactly that kind of password.
Here’s a popular, helpful comic from xkcd that illustrates good password creation: