
Password strength explained

Password strength is a measure of how well a password resists any kind of password threat.

According to Troy Hunt, the founder of Have I Been Pwned?, passwords are here to stay, in spite of their security failings. One major reason for this is the comfort and familiarity that passwords offer. But the security weaknesses of password authentication cannot be ignored, especially in this age of sophisticated attacks. This is why password strength is more relevant now than ever before.


Defining weak passwords

Verizon's 2020 Data Breach Investigations Report states that 80 percent of data breaches that involved hacking started as simple password attacks. This shows how susceptible passwords are to attack. Before we learn to make strong passwords, let's learn what we've been doing wrong.

Here are some examples of weak password practices:

  • Using your name, username, birth year, or employee ID in your password. Since all this information is publicly available, these passwords are easy to crack.
  • Using common phrases like qwerty, asdfg, 12345, password, etc.
  • Setting passwords that are too short.
  • Setting passwords with patterns like jjjjj, treetree, etc.

Password entropy

Password entropy is a measure of how unpredictable a password is, which makes it a good indicator of password strength. The higher the password entropy, the stronger the password. When setting passwords, our aim should be to maximize this parameter.

Let's take a look at some best password practices:

  • Enforce password history to avoid password reuse.
  • Set a minimum length for passwords.
  • While passwords are being set, check if they contain dictionary words, patterns, or usernames, partial or full.
  • Do not change passwords too often, as this can prove counterproductive for security.
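
The weak practices listed under "Defining weak passwords" and the set-time checks above can be combined into one screening function. The following is an added example, not code from the original page or from ADSelfService Plus; the minimum length of 12, the function names, and the small blocklist are assumptions made for illustration. It also shows why a character-pool entropy estimate alone is not enough: `treetree` scores the same as eight random lowercase letters.

```python
import math
import re

# Constructed blocklist taken from the page's examples; real checks use a large list.
COMMON = {"qwerty", "asdfg", "12345", "password"}
MIN_LENGTH = 12  # assumed policy value; the page does not give a number


def charset_entropy_bits(password):
    """Length * log2(pool size): correct only for uniformly random characters."""
    pool = 0
    # Pool sizes are for printable ASCII: 26 lower, 26 upper, 10 digits, 33 symbols.
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
                          (r"[^a-zA-Z0-9]", 33)):
        if re.search(pattern, password):
            pool += size
    return len(password) * math.log2(pool) if pool else 0.0


def contains_part(lowered, value, min_len=4):
    """True if any min_len-character slice of value (partial or full) appears."""
    value = value.lower()
    return any(value[i:i + min_len] in lowered
               for i in range(len(value) - min_len + 1))


def weak_reasons(password, personal=None):
    """Return the weak practices a candidate password matches.
    personal maps a label (e.g. 'username') to a value known about the user."""
    lowered = password.lower()
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if any(word in lowered for word in COMMON):
        reasons.append("common phrase")
    for label, value in (personal or {}).items():
        if contains_part(lowered, value):
            reasons.append(f"contains {label}")
    # jjjjj: one character four or more times; treetree: a 3+ character unit doubled
    if re.search(r"(.)\1{3,}", lowered) or re.search(r"(.{3,})\1", lowered):
        reasons.append("repeated pattern")
    return reasons


if __name__ == "__main__":
    for pw in ("treetree", "Qwerty12345!", "vR7#kq2Lx9!mTz"):
        print(pw, round(charset_entropy_bits(pw), 1), weak_reasons(pw))
```
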

Protect your passwords from cyberattacks with ADSelfService Plus

ADSelfService Plus is an integrated Active Directory self-service password management and single sign-on solution. It offers a password policy enforcer that can help your organization set fool-proof passwords.

With ADSelfService Plus' password policy enforcer, you can:

  • Set custom password policies for different groups of employees in your organization.
  • Decide how many characters of different types can be included in a password.
  • Disallow patterns, repetitions, and dictionary words.
  • Set minimum and maximum password lengths.

Experience easy and effective password management with ADSelfService Plus.
