What Makes a Password Weak or Strong?


You use passwords every day and know that some are better than others, but do you know what makes a good password good and a bad password bad? Take a look at the different factors that make a password weak or strong and find out what you can do to make your passwords better.

Random vs. Predictable

The more random your password, the better it is. If your password is made up of patterns of numbers or keystrokes, then it is likely to be easily cracked by hackers using dictionary-based password-cracking tools.

Complex vs. Simple

If you only use numbers in your password, then it can be cracked in a matter of seconds by a password-cracking tool. Adding letters to create alphanumeric passwords increases the total number of possible combinations, which also increases the amount of time and effort needed to crack the password. Adding special characters to the mix also helps.

Long vs. Short

The length of a password is one of the biggest factors in how quickly it can be cracked by password-cracking tools. Long passwords are much harder to crack. Make your password as long as you can stand.

Traditionally, password-cracking tools require much more time and computing power to tackle long passwords, such as those 15 characters or longer. However, future advancements in processing power may change the current password limit standards.

Password Creation Cheats You Should Avoid

  • Reusing old passwords — While reusing old passwords seems like a brain saver, it increases the likelihood that your account might be hacked. If someone has one of your old passwords and you cycled back to using that password, then your account may be compromised.
  • Keyboard patterns — Using a keyboard pattern may help you bypass your system's password-complexity checking, but keyboard patterns are part of every good cracking dictionary file that hackers use to crack passwords. Even a fairly long and complex keyboard pattern is likely already part of the hacking dictionary file and can result in your password being cracked in mere seconds.
  • Password doubling — Simply typing the same password twice to meet password length requirements doesn't make it a stronger password. In fact, it can make it weak because you have introduced a pattern into your password, and patterns are bad.
  • Dictionary words — Using whole words in a password is not advisable because hacking tools are built to target passwords containing whole words or partial words. You may be tempted to use dictionary words in your longer passphrases, but you should avoid this because dictionary words as part of passphrases may still be crackable.

A Note to System Administrators

It is up to you to make sure you don't allow your users to create weak passwords. You need to ensure that the workstations and servers that you manage have password policy checking implemented so that users are forced to come up with strong passwords.
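One way to implement such policy checking, rejecting the shortcuts listed under "Password Creation Cheats You Should Avoid", is sketched below. This is an added example, not part of the original article; the function names, the tiny word list, the keyboard rows and the use of 15 characters as a minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample data: a real deployment would load a large wordlist
# and a breached-password list instead of these few entries.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "letmein"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 15  # assumption, taken from the article's "15 characters or longer"

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, forward or reversed."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def is_doubled(pw):
    """True if pw is a shorter string repeated two or more times."""
    return re.fullmatch(r"(.+?)\1+", pw) is not None

def contains_word(pw, min_len=4):
    """True if pw embeds a listed word, after undoing common substitutions."""
    low = pw.lower().translate(str.maketrans("013457@$", "oieastas"))
    return any(w in low for w in COMMON_WORDS if len(w) >= min_len)

def check_password(pw, previous=()):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if pw.isdigit():
        problems.append("digits only")
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    if is_doubled(pw):
        problems.append("repeated string")
    if contains_word(pw):
        problems.append("dictionary word")
    # `previous` is plaintext only for this demo; production systems
    # compare the candidate against stored hashes of earlier passwords.
    if pw in previous:
        problems.append("reused password")
    return problems
```

A password such as `P@ssw0rd!P@ssw0rd!` satisfies a typical length-and-character-class rule yet is flagged here both as a repeated string and as a dictionary word.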

Password Cracking Explained

Some users assume their password is safe because they believe that a hacker can only make three attempts on their password before the account is locked. What many users don't understand is that password hackers steal the password file and then attempt to crack that file offline. They only log in to the live system after they have obtained a cracked password they know is going to work.