← Level 1

Password Strength

● In Progress
Why Does Password Strength Matter?

A password is your only defense against someone accessing your account. A weak password is like leaving your front door unlocked — easy for someone to get in. A strong password is like having multiple locks and security systems.

Here's the scary part: Attackers don't sit around typing passwords manually. They use computer programs that can try millions (or even billions) of password guesses per second. Your password needs to be hard enough that even these automated tools would take years or centuries to crack it.

Your job in this challenge is to experiment and figure out what makes a password strong enough that computers can't easily crack it. Try different approaches and pay attention to how the strength changes!

Real Impact

In 2012, LinkedIn suffered a data breach exposing 6.5 million password hashes. Because many users chose weak passwords like '123456' or 'linkedin', attackers cracked millions of them within hours. Strong passwords would have taken centuries to crack.

Your Objective

Create a password that scores "Strong" or "Very Strong" to complete this challenge.

Instructions

  1. Type a password in the box below (don't use your real passwords!)
  2. See instant feedback on how strong it is
  3. Experiment with different approaches: short vs long, simple vs complex
  4. Try to understand WHY some passwords are stronger than others
⚠️ Don't use your real passwords. Use examples only.
Show Examples
Weak Examples
  • 123456
  • qwerty
  • Summer2024!
  • john1990
Strong Examples
  • correct horse battery staple
  • MyDog$Ate3Pizzas!
  • the-quick-brown-fox
  • QdRWgrM3LxukPW

💡 Need Help?

Hints reveal progressively more information. Try to solve it yourself first!

Password strength is measured by how long it would take an attacker to guess it. Attackers use automated tools that can try billions of combinations per second. The key factors are: length, unpredictability, and avoiding common patterns.

Example: A password like 'password123' can be cracked in less than a second because it's in every attacker's dictionary.

Attackers know that humans are predictable. They try: dictionary words, names + birthdays, keyboard patterns (qwerty), common substitutions (@ for a, 3 for e), and seasonal patterns (Summer2024!). Avoid these patterns.

Example: Even 'P@ssw0rd!' is weak because attackers know people substitute letters with symbols.

The strongest approach is using a passphrase: 4+ random words strung together. This creates length (the most important factor) while remaining memorable. Alternatively, use a password manager to generate and store random passwords.

Example: Try: 'correct horse battery staple' or 'purple-elephant-dancing-tuesday' — these are long, random, and memorable.

Further Reading

Tip: Check if your email or existing passwords have been compromised using Have I Been Pwned — it's safe and privacy-respecting.

Have I Been Pwned - Password Checker
Check if your password has been exposed in a data breach.
Have I Been Pwned - Email Checker
Check if your email has appeared in any known data breaches.
Bitwarden Password Strength Tester
Another tool to test password strength with detailed feedback.
NIST Password Guidelines
Official guidance on password security from NIST.
Why Use a Password Manager
NCSC guide on password managers.
← Back to Level 1