Don’t trust password requirements blindly. Here’s why.
May 12, 2022 / Knowledge

When you create a new password, some websites ask you to comply with provided password requirements. For instance, the website may ask you to use at least one number and symbol.

However, does this security measure necessarily guarantee that the password is strong? Should you trust such password requirements blindly?

Why do websites set specific password criteria?

The majority of reputable websites make you follow their password creation policy. If set up correctly, it should not allow you to create an account unless your password meets all the requirements.

In most cases, the password requirements include:

  • At least 10-15 characters;
  • Uppercase letters;
  • Lowercase letters;
  • Numbers;
  • Special characters (~ ! @ # $ % ^ * – _ = + [ { ] } / ; : , . ?).

Additionally, some reputable platforms even check if the password:

  • Differs from the username;
  • Does not include the most common passwords;
  • Differs from your name or surname.

Such criteria are beneficial for at least a few reasons.

First, they enhance overall password security. The more complex the credential, the more secure it usually is.

If you compare the password qwerty with C0ffee*br$E68ak#, the latter is incomparably more secure. Without such restrictions, most people would not bother creating more complex passwords.

Also, such requirements educate regular internet users about password security. When non-tech-savvy people follow the criteria to create passwords, they learn. Ideally, they can apply good password creation practices to change passwords on other platforms.

Consequently, it is beneficial for website developers to require their users to meet password criteria while registering. It is directly linked with safer browsing and higher customer satisfaction.

And yet, does it mean that a password that meets all the criteria is necessarily strong?

Password requirements – a fake sense of security?

Even if you tick all the boxes in password requirements, the password may not be that strong. Here is how a person can create a theoretically strong (but practically weak) password:

  1. A few lower case letters: password
  2. At least 1 upper case letter: Password
  3. A number: Password1
  4. At least 1 special character: Password1!
  5. Length – at least 10 characters: Password1!

Does that mean such a password is strong and difficult to crack? Absolutely not.

Human brains follow easy patterns: people put upper case letters first, and they start counting from 1 or add their birth year. They also pick intuitive special characters, most often the first ones on the keyboard (! @ #).

Blindly trusting such password requirements can pose serious security risks. First, it is easy for a hacker to guess the password Password1!.

Similarly, any hacker would try adding 123 at the end or swapping a for @ and o for 0. The success rates are high.

Second, such guessable passwords are prone to brute force attacks. If the pattern is evident, a computer will crack the password within seconds. For example, password1 would take less than a second to crack.

Therefore, even if the password meets the secure password requirements, it does not necessarily mean the credential is bullet-proof or even safe to use.

So what makes a password secure? How can you quickly create (and remember) one?

How to create actually strong passwords?

The easiest and safest way to create strong passwords that meet the required criteria is to use a password generator. This tool combines a random sequence of letters, numbers, and special characters.

These random passwords neither resemble words nor include common phrases. The tool provides you with an actually strong password.
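The sketch below is an added example, not code from the original article. It ties together the Password1! walkthrough and the generator described above: a checklist validator accepts Password1!, a pattern-aware check rejects it, and a randomly generated password passes both. The word list, the swap table beyond a/@ and o/0, and all function names are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample list; a real check would use a large list of common passwords.
COMMON_BASES = {"password", "qwerty", "letmein", "welcome", "admin"}
# Character swaps named in the article (a -> @, o -> 0) plus similar ones (assumed).
UNSWAP = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e", "1": "i"})
SPECIALS = "~!@#$%^*-_=+[{]}/;:,.?"


def meets_composition_rules(pw, min_len=10):
    """The checklist: length, uppercase, lowercase, number, special character."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))


def predictable_base(pw):
    """Return the common word a password is built on, or None if none is found."""
    core = re.sub(r"[\d\W_]+$", "", pw)      # drop a suffix such as "1!" or "123"
    core = core.lower().translate(UNSWAP)    # undo capitalisation and swaps
    return core if core in COMMON_BASES else None


def generate_password(length=16):
    """Random password that passes the checklist and has no common base word."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_composition_rules(pw) and predictable_base(pw) is None:
            return pw


if __name__ == "__main__":
    for candidate in ("Password1!", "P@ssw0rd123", generate_password()):
        print(candidate, meets_composition_rules(candidate), predictable_base(candidate))
```

A registration form that runs only the first check accepts both patterned passwords; adding the second check is what catches them.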

Password generation tools are usually integrated into reliable password managers. This way, you can instantly save the credential into the secure, encrypted vault and find it there whenever needed.

Ideally, you should not even need to remember your passwords. They are all stored in the password manager that you unlock with the Master Password – the only password to remember.

Experience greater cybersecurity. Try out a secure password generator integrated into a password manager that meets all password requirements without a fake sense of security.