
Primary Password Strength Meter
Hey!
I'm trying to do a better job of making passwords, so I'm using a primary password with Lockwise auto-generated passwords on a per-website basis.
I wanted to ask about how password strength is determined. Obviously, a higher score (more of the green bar filled) is better, but it's not self-evident what is considered a "good" password. (Besides the fact that it also needs to be easy to remember.)
I've tried long chain passwords similar to "Correcthorsebatterystaple" (High-ish score, susceptible to dictionary attack).
I've added numbers and symbols to long chain passwords in random places. (Still below average)
I tried "Password1234" (Good score...?)
In short: How are these passwords judged, and how do I do better?
Chosen solution
Passwords should contain uppercase and lowercase characters (e.g. a-z, A-Z) and have digits (0-9) and punctuation characters and symbols and the length should be at least 8, but better is a length of 10 or more. Never use words that can be found or constructed via a dictionary lookup, even if there are numbers added or some characters have a different case. Always make sure never to reuse the same password for more than one website, but always use a different password for each website.
- https://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe
- https://en.wikipedia.org/wiki/Password_strength
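The rules in the answer above, written as a check and run against the passwords from the question. This is an added example, not part of the original replies and not how Firefox's strength bar is computed; the function names and the small word list are constructed for illustration.

```python
import string

# Constructed sample word list (assumption); a real check would load a large dictionary.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "password"}

def dictionary_constructible(password, words=SAMPLE_WORDS):
    """True if the letters alone (case folded, digits and symbols dropped)
    split completely into dictionary words."""
    letters = "".join(c for c in password.lower() if c.isalpha())
    if not letters:
        return False
    longest = max(map(len, words))
    # reachable[i] is True when letters[:i] is a sequence of dictionary words
    reachable = [True] + [False] * len(letters)
    for end in range(1, len(letters) + 1):
        for start in range(max(0, end - longest), end):
            if reachable[start] and letters[start:end] in words:
                reachable[end] = True
                break
    return reachable[-1]

def check_password(password, words=SAMPLE_WORDS):
    """Return the rules from the answer that this password fails."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no punctuation or symbol")
    # Added digits, symbols or changed case do not hide the underlying words.
    if dictionary_constructible(password, words):
        failures.append("built from dictionary words")
    return failures

if __name__ == "__main__":
    for pw in ("Password1234", "Correcthorsebatterystaple",
               "Correct7horse!battery#staple", "k7#Tq9$wLm2x"):
        print(pw, "->", check_password(pw) or "passes every rule")
```

The third sample shows why numbers and symbols inserted into a word chain do not help under these rules: once they are stripped, the same four words remain.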
All replies (2)
Thank you for the reply! I'll do these things. Sometimes it's hard to change how you've been doing things. It doesn't help that there's a lot of conflicting information around, especially as computers get better at guessing passwords.
Mozilla might take a look at the way that green bar is used, and what criteria it conveys, because it isn't helpful as a heuristic for laypeople. They also might consider linking some resources like the ones you've provided on the Primary Password Reset Screen. I don't know if they have an authenticator that would sidestep the entire issue without people having to use Google's. (I'm sure I'm not alone in trying to find more privacy-respecting tech lately.)
Either way, I digress, and I really appreciate you taking the time to give your perspective!