How to Determine Password Strength


Last modified: September 29, 2020

Overview

This document describes how cPanel & WHM determine password strength. This document also explains how to create passwords of different strengths so that you can meet various minimum password strength requirements.

Note:
  • We strongly recommend that you use the Password Generator feature whenever it is available. For more information, read our Password & Security documentation.
  • This document uses characters found on the ANSI standard US keyboard. Results for other languages and keyboard configurations may vary.

Length and complexity

Two factors determine a password’s strength: length and complexity. A password’s length is determined by the number of characters in the password. For example, the password asdf1234 has a length of eight characters. Most cPanel & WHM passwords require a minimum password length. An increase in password length usually increases the password’s strength.

When you combine letters, numbers, and symbols in a password you increase the password’s complexity. A higher complexity yields a higher password strength. For example, the password cpanelisgreat has a password strength of 25 while cP4n3LIsGr3aT has a password strength of 100. When you repeat the same character, use dictionary based words, or use consecutive letters or numbers, you do not increase password strength. For example, 12345678 has a password strength of 1 while 18273645 has a password strength of 86.

Categories

Four categories exist for the possible characters in a password:

  • Lowercase letter — (a — z)
  • Capital letter — (A — Z)
  • Number — (0-9)
  • Symbol — (!@#$%^&*()~-_=+[{]}\|;:'",<.>/?)
Note:
  • Some symbols yield a higher strength valuation than others.
  • Symbols are also known as special characters.

Combinations

The following table provides some example passwords of different lengths and complexities. For brevity, this table does not include all potential character combinations.

Warning:
Do not use the examples provided verbatim. Use of these examples could create a security risk.
Description Example Strength Length Lowercase Capital Number Symbol
Repeating character aa, aaa, aaaa, 11, 111, 1111 1 2 — ∞
Consecutive characters 12345678, abcdefgh 1 2 — ∞
Combination lowercase and capital letter aA 10 2 X X
Combination lowercase letter and number a1 18 2 X X
Combination capital letter and number A1 18 2 X X
Combination lowercase letter and symbol a# 20 2 X X
Combination capital letter and symbol A# 20 2 X X
Combination number and symbol 1# 26 2 X X
Combination lowercase letter, number, and symbol a#1 34 3 X X X
Combination capital letter, number, and symbol A#1 34 3 X X X
Example combination 12345luggage 54 12 X X
Example combination A1b2c3% 74 7 X X X X
Example combination cP4n3LIsGr3aT 100 11 X X X X
Example combination A1b2c3%? 100 8 X X X X
Note:
You can use the Get Password Strength feature to test the strength of any password. For more information, read our WHM API 1 Functions - get_password_strength documentation.

Additional Documentation