.svg)
How Enpass checks for weak passwords
Weak passwords are unsafe because they are either not complex enough to be strong (too short, too little variation in the characters they contain, etc.) or they contain what seem like personal information that could be found online or easily guessed (significant dates, personal or pet names, hobbies, etc.) by anyone seeking to access your accounts.
Checking password strength in Enpass is based on a trusted password strength estimator called zxcvbn. It recognizes common names and surnames, common passwords, popular English words, other common patterns like sequences (abcd), repeats (aaa), dates, keyboard patterns (qwertyuiop).
Zxcvbn calculates the entropy (randomness) of passwords, which is a determining factor of password strength. This table represents the various strengths of password entropy:
|
Bits of Entropy |
Password Strength |
|
<35 |
Very poor |
|
35-50 |
Weak |
|
50-70 |
Average |
|
70-100 |
Good |
|
>100 |
Excellent |