Password Weakness Warnings

We all use passwords to secure accounts and safeguard our data. To best protect our information we need to use strong passwords. What makes a password strong? In a nutshell, a strong password is one that cannot be easily guessed. To assist you in creating secure passwords Codebook for iOS and macOS (coming soon to Windows) test passwords for several weaknesses when they are created or edited and warns you when a weakness is found.

  1. Length - the longer a password is the better. A short password can be more easily guessed or cracked using brute force methods.
  2. Types of Characters - using mixed characters makes the password more complex and therefore more difficult to guess.

    You should use a combination of:

    • Uppercase characters
    • Lowercase characters
    • Numbers: 0123456789
    • Nonalphanumeric characters: !@#$%^&*?
  3. Embedded Words - You should avoid putting common words (words that would be in a dictionary) within a password. Examples: password123 or Blueismyfavorite
  4. Words with Alphanumeric Substitutions - replacing a non alphabetic character for a letter in a dictionary word. An example would be P@ssw0rd, '@' is substituted for 'a' and '0' is substituted for 'o' in the word password. Since there are pseudo embedded words, the password is more easily guessed than a random list of characters.

    Here is the list of character substitutions that are detected.

    • a: 4, @
    • b: 8
    • c: (, {, [, <
    • e: 3
    • g: 6, 9
    • i: 1, !, |
    • l: 1, |, 7
    • o: 0
    • s: $, 5
    • t: +, 7
    • x: %
    • z: 2
  5. Repeated Characters - a character repeated multiple times should be avoided.

There you have the explanations for the warnings you may encouter when you are creating a password in Codebook.

To avoid password weakness warnings altogether, you can use the Generate/Generate Random password feature to let Codebook create strong passwords for you.