You are here >  theory >  passwords



Password strength has been a major focus for the past few decades in the arena of authentication. This is because passwords still can be protected from the attackers, if they are chosen well. Thousands of attackers have been cracking [bruteforce, rainbow technique, etc.] passwords across the world in order to:

  • Gain access to sensitive content.

  • Prove their skills.
  • Attack someone & bring them down.
  • Just educate themselves by doing it at random.

Choosing a password


Choosing or picking a password is done well, if the strength of the password is good. How can one define a strong password? A strong password is something that is hard to guess[not a dictionary word or personally identifiable] and is a good long string made of combination of numbers, letters and special characters. Strength of the password could be calculated based on several factors, such as:

  • Length of the password.
  • Number of alphabets used [lower(a-z) and upper(A-Z) cases].
  • Numerical used [0-9].
  • Special characters [ ! ~ . / \ | { } [ ] ( ) - _ + = ; ' : " ].
  • Distribution of the passwords.

What makes a weak password?


Now that we have looked into what good passwords are, let us look at what weak passwords would be. This is something that every user should know before picking a password for their authentication, especially to ensure that they do not fall under the weak category. Weak passwords are:

  • Dictionary words.

  • Default passwords [admin, administrators, qwerty, 123456, etc.].
  • Small in length.
  • Pet names [dogs, cats, etc.]
  • Bad distribution [abcd1234, qwer1234, etc.].



Let us look more into what are good passwords with an example. To explain the difference between a good and a bad password, we are going to go through the making of a good password in a stepwise process. In this way, it would help you pick the easiest word and make it into the hardest password.

  • Step 1: Choose couple of simple words. Example: Abandon Biology.
  • Step 2: Change the letters to numbers [h4x0r]. Doing this would change Example in Step 1 to: "4b4nd0n 810|09y".
  • Step 3: Add special characters. Example in Step 2 becomes: 4;b4:nd"0n!810|0@9y#.

In the above 3 steps, you just changed "Abandon Biology" to a complicated one like "4;b4:nd"0n!810|0@9y#". One might wonder, "why not stop at Step 2 instead of proceeding to Step 3". The result of Step 2 "4b4nd0n 810|09y" is a very simple obfuscation of Step 1 and is still crackable. In computer terminology, it is called h4x0r language and most password crackers are filled with them in the dictionary of words that they match with too. To ensure that you are not just good with concepts, but also good at using tools to build quick and fast passwords, test your password strength and more, Password Analytics is building tools and frameworks that would help you put this in action.

EvilFingers Arsenal

Socialize with RootkitAnalytics

Twitter Feed Blogspot

Socialize with EvilFingers

Twitter Feed Blogspot LinkedIn Delicious Google