How Secure Is My Password?

A secure password is very different today than it was ten years ago. Strong passwords require more variance and randomness than ever. A single regular word where a's are replaced with @'s and o's become zeros, like [email protected]$$w0rd!, used to be a common – and secure – password. Likewise, three unrelated words with no special characters combined, like windowparachutewheels, would have worked a few years ago.

But now, neither of those passwords is considered secure. The password strength test says it would take less than a second to crack [email protected]$$w0rd! in an offline attack with fast hashing and only three seconds to crack windowparachutewheels in the same attack. Cracking these passcodes may take longer in less aggressive incidents, like throttled attacks, but the fact remains that passwords must be stronger than ever.

Though each password is different, length and diversity are key when you create a password. Try different combinations of uppercase and lowercase letters, numbers, and special characters, and make sure you create a password of more than 20 characters for the best results. The password jY82!xm90rTyU2!7!lxm, for example, is 21 characters made up of letters, numbers, and exclamation points. It would take the same offline attack with fast hashing centuries to crack.

Safely Test Your Password Strength.

Password Strength Test

With the number of accounts people maintain, both on and off the Internet, creating strong passwords is a challenge. If you’re worried about having your information exposed because of a weak password, use this password strength test to check the quality and security of your passcode.

How does the password strength test work?

The password strength test analyzes your password. It reviews how long it would take to crack with four different types of cyberattacks - a throttled online attack, an unthrottled online attack, an offline attack with slow hashing, and an offline attack with fast hashing - and offers tips for increasing the password’s strength based on what you entered. With this information, you can revise your password to make it stronger or opt to generate a stronger, new password altogether with a password generator.

The password strength test is written entirely in JavaScript, meaning that the processing is done completely on your device. No password information you test is submitted to this site. It’s completely safe to test any password using our password tester.

How to check if your password is strong

A strong password should be one that is not easily guessed by anyone. It shouldn’t relate to personal information, such as the name of a pet or a date significant to you. That information is easy to remember. However, it makes it more likely that a hacker could guess your password based off a social media profile or knowledge of your general interests.

To avoid creating weak passwords, make sure to include uppercase letters, lowercase letters, numbers, and special characters in each of your passwords. A variety of upper- and lowercase letters, as well as numbers and symbols like an exclamation mark or dollar sign, increase the difficulty of any password, no matter how simple it originally may have been.

Most experts recommend that passwords contain at least 8 to 12 characters. However, don’t feel restricted by this password length; the Cybersecurity & Infrastructure Security Agency (CISA) advises that the longer a password is, the more secure it is. The National Institute of Standards and Technology (NIST) has recently revised their recommendations to allow passwords a maximum of 64 characters. A password that long, with a combination of the four character elements above, is highly unlikely to get cracked with today’s technology. In the tool above, a password of at least 20 characters made up of a combination of letters, numbers, and special characters would take centuries to crack by any of the attack methods.

What are the easiest passwords to guess?

The easiest passwords to guess are ones that spell out real words or phrases with no character variation. For example, a password that spells out your name and your birth year could be guessed by anyone who knows your basic information. Don't create a password using information someone could find such as your birthday, which can be found in online records, or your IP address, which can be found on the What's My IP website.

Furthermore, common passwords like 12345678 and password are weak and easily guessable. Try instead more unique passwords that don’t mean anything to anyone except for you; this will make it possible for you to remember your password without making yourself vulnerable.

Use a passphrase instead of a password

Using a passphrase instead of a password is one option for creating a more secure password. Take a phrase and use the first letter of each word, then add characters and numbers; for example, “This is my favorite passphrase turned into a password!” becomes TimFPtiaP!92. Users may find this easier to remember, but hackers will find it more difficult to crack.

Using password managers for better password strength

For users who struggle to remember their passwords or have difficulty coming up with strong passwords on their own, password managers are a good option. Password managers, like RoboForm, create and store unique, hard-to-crack passwords in their system for each user. The user creates a master password, which is the only key they must remember. Make sure to test the password strength of the master password, however.

Using a password manager helps users protect against data breaches, since each password is unique. It makes it nearly impossible for hackers to guess the passcodes with brute force.

Use a password manager to create strong passwords. Then, test the passwords in the tool above to see just how well password managers really do work.