Length
Generally speaking, long passwords are stronger than short ones. Certainly anything shorter than 14 characters is weak.

Personal Information
Passwords that include personal information such as your name, birthday, school name or favorite sports team are weak.

Dictionary Words
Dictionary words such as "mydogiscute" are easier to guess than sequences of characters that aren't in the dictionary.

Well Known Patterns
Patterns of numbers or characters that are well known such as "911" are weak.

Dates
Dates are weak. For example, 1/1/1970 is weak.

Repetition
Repeated characters are easier to guess than non-repeated. For example, "1111111" is a terribly weak password.

Reused Passwords
Avoid reusing passwords as it is common for password data to be leaked. A unique password for each logon is stronger than reusing the same password.

User Ids
Using any user id such as an employee number as a password is always weak.

Keyboard Patterns
Keyboard patterns such as "asdf" are weak.

Common Obfuscation
Commonly used attempts to obfuscate a password such as "p@ssw0rd" are weak.

Doubled Words
Passwords that contain the same pattern twice are weak. For example, "catcat1" is weak.

Vowels
Algorithms will use any advantage they can find in guessing a password. Vowels are used more commonly in English and in passwords. As such, they may be guessed more often.

One
The digit 1 shows up in passwords more than other numbers and may often be guessed by brute-force techniques.

Random
Random patterns or reasonable simulations of randomness tend to be strong. For example, "7Fi^u&.2kFioPx6s3iZi8tmbdq0-!jlxJfE" is reasonably strong.

Character Variety
Using a variety of character types such as upper case, lower case, numbers and symbols helps to strengthen a password.

Overview: Strong Password
Type | Defensive Computing, Information Security
Definition | A password that is difficult for a human or a machine to guess.
Related Concepts | Information Security, Defensive Computing, Pseudorandom, Defense in Depth, Password Paradox
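
The characteristics listed above can be applied as an automated check when a password is set; the Python below is an added example, not part of the original page, and it reports which of the page's weakness categories a candidate password triggers. The function name `weaknesses`, the tiny word list and the substitution table are constructed for illustration, and the reuse, vowel and digit-1 points are not modeled.

```python
import re
import string

# Constructed sample data: a real check would load a large dictionary
# and a corpus of leaked passwords instead of this short list.
WORDS = {"password", "mydogiscute", "dog", "cat", "cute"}
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Undo common character substitutions (@ -> a, 0 -> o, ...) before lookup.
LEET = str.maketrans("@4$5031!", "aassoeii")
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def weaknesses(pw, personal=()):
    """Return the sorted weakness categories from the page that pw triggers.

    personal: strings tied to the user (name, birthday, user id).
    """
    low = pw.lower()
    plain = low.translate(LEET)
    found = set()
    if len(pw) < 14:
        found.add("length")
    if any(p.lower() in low for p in personal if p):
        found.add("personal information / user id")
    if any(w in low for w in WORDS):
        found.add("dictionary words")
    elif any(w in plain for w in WORDS):
        found.add("common obfuscation")
    if "911" in pw:
        found.add("well known patterns")
    if re.search(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}", pw):
        found.add("dates")
    if re.search(r"(.)\1{2,}", pw):          # same character 3+ times in a row
        found.add("repetition")
    if re.search(r"(.{3,})\1", low):         # a 3+ character chunk repeated at once
        found.add("doubled words")
    if any(row[i:i + 4] in low for row in KEY_ROWS for i in range(len(row) - 3)):
        found.add("keyboard patterns")
    if sum(any(c in cls for c in pw) for cls in CLASSES) < 3:
        found.add("character variety")
    return sorted(found)


if __name__ == "__main__":
    for sample in ["p@ssw0rd", "catcat1", "1/1/1970",
                   "7Fi^u&.2kFioPx6s3iZi8tmbdq0-!jlxJfE"]:
        print(sample, "->", weaknesses(sample) or "no listed weakness found")
```

An empty result only means none of these pattern checks fired; it does not show that the password is unique or has never been leaked.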