Primary Password Strength Meter

  • 2 replies
  • 1 has this problem
  • 7 views
  • Last reply by mike04

Hey!

I'm trying to do a better job of making passwords, so I'm using a primary password with Lockwise auto-generated passwords on a per-website basis.

I wanted to ask about how password strength is determined. Obviously, a higher score (more of the green bar filled) is better, but it's not self-evident what is considered a "good" password. (Besides the fact that it also needs to be easy to remember.)

I've tried long chain passwords similar to "Correcthorsebatterystaple" (High-ish score, susceptible to dictionary attack).

I've added numbers and symbols to long chain passwords in random places. (Still below average)

I tried "Password1234" (Good score...?)

In short: How are these passwords judged, and how do I do better?

All Replies (2)

Chosen Solution

Passwords should contain uppercase and lowercase characters (e.g. a-z, A-Z) and have digits (0-9) and punctuation characters and symbols and the length should be at least 8, but better is a length of 10 or more. Never use words that can be found or constructed via a dictionary look up, even if there are numbers added or some characters have a different case. Always make sure never to reuse the same password for more than one website, but always use a different password for each website.
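The criteria in the answer above, written out as a checker and run on the passwords from the question. This is an added example, not part of the original posts and not the algorithm behind Firefox's strength meter; the function names and the tiny wordlist are assumptions made for illustration.

```javascript
// Constructed sample wordlist (assumption); a real check needs a large dictionary.
const SAMPLE_WORDS = ["password", "correct", "horse", "battery", "staple", "dragon"];

// Dictionary words found in pw after undoing the two tricks the answer names:
// changed case (lowercase everything) and added numbers/symbols (strip them).
// Stripping can join letters across symbols, so this errs on the strict side.
function dictionaryHits(pw, words = SAMPLE_WORDS) {
  const lettersOnly = pw.toLowerCase().replace(/[^a-z]/g, "");
  return words.filter((w) => w.length >= 4 && lettersOnly.includes(w));
}

// Applies the answer's rules: all four character classes, length of at least 8
// (10 or more preferred), and no dictionary words.
function checkPassword(pw, words = SAMPLE_WORDS) {
  const classes = {
    lower: /[a-z]/.test(pw),
    upper: /[A-Z]/.test(pw),
    digit: /[0-9]/.test(pw),
    symbol: /[^A-Za-z0-9\s]/.test(pw),
  };
  const missing = Object.keys(classes).filter((k) => !classes[k]);
  const hits = dictionaryHits(pw, words);
  const problems = [];
  if (pw.length < 8) problems.push("shorter than 8 characters");
  if (missing.length) problems.push("missing: " + missing.join(", "));
  if (hits.length) problems.push("dictionary words: " + hits.join(", "));
  return { problems, ok: problems.length === 0, preferredLength: pw.length >= 10 };
}

// The first two inputs are from the question; the third is a constructed
// random-looking password for comparison.
for (const pw of ["Correcthorsebatterystaple", "Password1234", "q7#Tz!m2Rw$k"]) {
  console.log(pw, JSON.stringify(checkPassword(pw)));
}
```

"Password1234" covers three character classes and is 12 characters long, so a meter that only counts classes and length would rate it well; the dictionary rule is what rejects it here.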

Thank you for the reply! I'll do these things. Sometimes it's hard to change how you've been doing things. It doesn't help that there's a lot of conflicting information around, especially as computers get better at guessing passwords.

Mozilla might take a look at the way that green bar is used, and what criteria it conveys, because it isn't helpful as a heuristic for laypeople. They also might consider linking some resources like the ones you've provided on the Primary Password Reset Screen. I don't know if they have an authenticator that would sidestep the entire issue without people having to use Google's. (I'm sure I'm not alone in trying to find more privacy-respecting tech lately.)

Either way, I digress, and I really appreciate you taking the time to give your perspective!