SLHC uses the zxcvbn library (developed by Dropbox) for our password meter. That, along with our requirement for medium to strong passwords on all customer accounts, means the password criteria for new users are based on a style of password that users may not be used to, one that favours chains of words that are easier to remember and harder to crack over typical password patterns.
While we don’t want to make our customers frustrated when creating passwords, we do want to do everything we can to help keep their information safe. The use of a strong, unique password is one of the most important things a user can do to keep attackers from gaining access to their accounts.
Only passwords rated as Medium or Strong are accepted for new user accounts.
How to Pick a Strong Password?
To create a password that meets our strength requirements, it’s recommended to use a mix of four or more random, common words, for example:
correcthorsebatterystaple
While this style of password might break from the common password patterns typically encouraged, it will be much more difficult for computers to crack while remaining easily memorable. If your password still falls below the required Medium or Strong password strength level, feel free to add some special characters, upper and lower case letters or numbers to strengthen it.
The password strength meter may seem random, but the zxcvbn library is in fact recognizing and rejecting common patterns such as dates, phrases, names, keyboard patterns (123456789), and even pop culture references, which can weaken passwords. To see how your own password is being evaluated, try out the official zxcvbn strength tester. For a more technical look at the zxcvbn library, take a look at the blog post announcing the zxcvbn library.
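A simplified sketch of the pattern-aware scoring described above, added here as an illustration; it is not SLHC's code and does not call the zxcvbn library. The word lists, the assumed dictionary size and the Weak/Medium/Strong thresholds are assumptions made for the example.

```javascript
// Illustration only: a toy pattern-aware estimator, NOT the zxcvbn library.
// Lists, dictionary size and label thresholds below are constructed assumptions.
const COMMON = ["password", "123456", "qwerty", "letmein", "starwars"];
const WORDS = ["correct", "horse", "battery", "staple", "purple", "river"];
const ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"];
const ASSUMED_DICT_SIZE = 10000; // assumed size of a "common words" dictionary

// True for runs such as "123456789", "abcdef" or "987654".
function isSequence(s) {
  if (s.length < 3) return false;
  const d = s.charCodeAt(1) - s.charCodeAt(0);
  if (Math.abs(d) !== 1) return false;
  for (let i = 2; i < s.length; i++)
    if (s.charCodeAt(i) - s.charCodeAt(i - 1) !== d) return false;
  return true;
}

// True for day/month/year strings such as "12251990" or "25-12-1990".
function isDate(s) {
  const m = /^(\d{1,2})[\/.-]?(\d{1,2})[\/.-]?(\d{4})$/.exec(s);
  if (!m) return false;
  const [a, b, y] = [m[1], m[2], m[3]].map(Number);
  const lo = Math.min(a, b), hi = Math.max(a, b);
  return y >= 1900 && y <= 2100 && lo >= 1 && lo <= 12 && hi <= 31;
}

// Number of dictionary words that exactly cover s, or -1 if it cannot be split.
function countWords(s) {
  if (s === "") return 0;
  for (const w of WORDS) {
    if (!s.startsWith(w)) continue;
    const rest = countWords(s.slice(w.length));
    if (rest >= 0) return rest + 1;
  }
  return -1;
}

// Rough number of guesses an attacker who knows these patterns would need.
function estimateGuesses(pw) {
  const s = pw.toLowerCase();
  if (COMMON.includes(s)) return COMMON.indexOf(s) + 1;
  if (isSequence(s) || (s.length >= 3 && ROWS.some(r => r.includes(s)))) return s.length * 10;
  if (isDate(s)) return 365 * 100;
  const n = countWords(s);
  if (n > 0) return Math.pow(ASSUMED_DICT_SIZE, n);
  const pool = (/[a-z]/.test(pw) ? 26 : 0) + (/[A-Z]/.test(pw) ? 26 : 0) +
               (/\d/.test(pw) ? 10 : 0) + (/[^a-zA-Z\d]/.test(pw) ? 33 : 0);
  return Math.pow(pool, pw.length); // no pattern found: brute-force estimate
}

// Assumed label thresholds; only Medium and Strong would be accepted.
function rate(pw) {
  const g = estimateGuesses(pw);
  return g < 1e6 ? "Weak" : g < 1e10 ? "Medium" : "Strong";
}
```

A nine-digit run and an eight-digit date both rate as Weak here despite their length, while four dictionary words rate as Strong, which is the behaviour the meter's ratings reflect.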
Another way to ease password worries is to offload remembering your strong passwords to a password vault. Software like LastPass and 1Password is written with security in mind and makes saving and recalling unique passwords dead simple. To lessen the friction of using a password vault, both pieces of software have browser extensions that auto-fill login forms with nothing more than a mouse click. This makes setting a complex password for every site a non-issue.