Page tree
Skip to end of metadata
Go to start of metadata

Overview

This document describes how cPanel & WHM determine password strength. This document also explains how to create passwords of different strengths so that you can meet various minimum password strength requirements.

Notes:

  • We strongly recommend that you use the Password Generator feature whenever it is available. For more information, read our Password and Security documentation.
  • This document uses characters found on the ANSI standard US keyboard. Results for other languages and keyboard configurations may vary.

Length and complexity

Two factors determine a password's strength: length and complexity. A password's length is determined by the number of characters in the password. For example, the password asdf1234 has a length of eight characters. Most cPanel & WHM passwords require a minimum password length. An increase in password length usually increases the password's strength. 

When you combine letters, numbers, and symbols in a password you increase the password's complexity. A higher complexity yields a higher password strength. For example, the password cpanelisgreat has a password strength of 25 while cP4n3LIsGr3aT has a password strength of 100. When you repeat the same character, use dictionary based words, or use consecutive letters or numbers, you do not increase password strength. For example, 12345678 has a password strength of 1 while 18273645 has a password strength of 86.  

Categories

Four categories exist for the possible characters in a password.

DescriptionExample
Lowercase letter (a — z)a
Capital letter (A — Z)A 
Number (0-9)1

Symbol (!@#$%^&*()`~-_=+[{]}\|;:'",<.>/?)

Notes:

  • Some symbols yield a higher strength valuation than others.
  • Symbols are also known as special characters.
$

Combinations

The following table provides some example passwords of different lengths and complexities. For brevity, this table does not include all potential character combinations.

Warning:

Do not use the examples provided verbatim. Use of these examples could create a security risk.

DescriptionExampleStrengthLengthLowercase (a — z)Capital (A — Z)Number (1-9)Symbol
Repeating character

aa, aaa, aaaa

11, 111, 1111

12 — ∞    
Consecutive characters

12345678

abcdefgh

12 — ∞    
Combination lowercase and capital letteraA102(tick)(tick)  
Combination lowercase letter and numbera1182(tick) (tick) 
Combination capital letter and numberA1182 (tick)(tick) 
Combination lowercase letter and symbola#202(tick)  (tick)
Combination capital letter and symbolA#202 (tick) (tick)
Combination number and symbol1#262  (tick)(tick)
Combination lowercase letter, number, and symbola#1343(tick) (tick)(tick)
Combination capital letter, number, and symbolA#1343 (tick)(tick)(tick)
Example combination12345luggage5412(tick) (tick) 
Example combinationA1b2c3%747(tick)(tick)(tick)(tick)
Example combination

cP4n3LIsGr3aT

10011(tick)(tick)(tick)(tick)
Example combination A1b2c3%?
1008(tick)(tick)(tick)(tick)

Note:

You can use the Get Password Strength feature to test the strength of any password. For more information, read our WHM API 1 Functions - get_password_strength documentation.

 

Additional documentation