
Primary Password Strength Meter

Last reply by mike04

Hey!

I'm trying to do a better job of making passwords, so I'm using a primary password with Lockwise auto-generated passwords on a per-website basis.

I wanted to ask about how password strength is determined. Obviously, a higher score (more of the green bar filled) is better, but it's not self-evident what is considered a "good" password. (Besides the fact that it also needs to be easy to remember.)

I've tried long chain passwords similar to "Correcthorsebatterystaple" (High-ish score, susceptible to dictionary attack).

I've added numbers and symbols to long chain passwords in random places. (Still below average)

I tried "Password1234" (Good score...?)

In short: How are these passwords judged, and how do I do better?



Chosen Solution

Passwords should contain uppercase and lowercase characters (e.g. a-z, A-Z) and have digits (0-9) and punctuation characters and symbols and the length should be at least 8, but better is a length of 10 or more. Never use words that can be found or constructed via a dictionary look up, even if there are numbers added or some characters have a different case. Always make sure never to reuse the same password for more than one website, but always use a different password for each website.
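Added example (not part of the original thread, and not Firefox's code): a sketch of why a meter that only counts length and character classes can rate "Password1234" well, next to a check for the rule in the answer above about words that can be constructed from a dictionary. The scoring formula, the five-word list and the function names are assumptions made for illustration.

```javascript
// Constructed sample word list (assumption); a real check would load a large list.
const WORDS = new Set(["password", "correct", "horse", "battery", "staple"]);

// Hypothetical character-class meter (assumed formula): rewards length and the
// number of digits, symbols and uppercase letters, each capped at a low count.
function classMeterScore(pw) {
  const count = (re) => Math.min((pw.match(re) || []).length, 3);
  const len = Math.min(pw.length, 5);
  const score = len * 10 - 20
    + count(/[0-9]/g) * 10
    + count(/[^A-Za-z0-9]/g) * 15
    + count(/[A-Z]/g) * 10;
  return Math.max(0, Math.min(score, 100));
}

// True if the password's letters, lowercased and with digits and symbols
// dropped, split entirely into dictionary words (word-break dynamic programme).
function isDictionaryConstructed(pw, words = WORDS) {
  const s = pw.toLowerCase().replace(/[^a-z]/g, "");
  if (s.length === 0) return false;
  const ok = new Array(s.length + 1).fill(false);
  ok[0] = true; // the empty prefix is trivially segmentable
  for (let end = 1; end <= s.length; end++) {
    for (let start = 0; start < end; start++) {
      if (ok[start] && words.has(s.slice(start, end))) {
        ok[end] = true;
        break;
      }
    }
  }
  return ok[s.length];
}

// Combine both views: a high score with dictionary === true is a false comfort.
function assess(pw) {
  return { score: classMeterScore(pw), dictionary: isDictionaryConstructed(pw) };
}

// Constructed sample passwords, including the ones quoted in the question.
const samples = ["Password1234", "Correcthorsebatterystaple",
                 "Correct7horse!battery", "q7#Vd2@Lx9"];
for (const pw of samples) console.log(pw, assess(pw));
```

Under these assumptions the class-counting score and the dictionary check disagree on "Password1234", and digits or symbols inserted between words do not stop the letters from segmenting into dictionary words.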


Thank you for the reply! I'll do these things. Sometimes it's hard to change how you've been doing things. It doesn't help that there's a lot of conflicting information around, especially as computers get better at guessing passwords.

Mozilla might take a look at the way that green bar is used, and what criteria it conveys, because it isn't helpful as a heuristic for laypeople. They also might consider linking some resources like the ones you've provided on the Primary Password Reset Screen. I don't know if they have an authenticator that would sidestep the entire issue without people having to use Google's. (I'm sure I'm not alone in trying to find more privacy-respecting tech lately.)

Either way, I digress, and I really appreciate you taking the time to give your perspective!