Passwords live on a gradient between weak and strong, from easy to break to practically unbreakable. The difference can be staggering: a password of ten letters with no special characters will be cracked almost instantly by a modern brute-force attack, while a password of 16 characters combining uppercase and lowercase letters, numbers, and special characters would take millions* of years. In practice, that means it cannot be breached by brute force.
A password strength checker is a great help in finding out how strong a password is. Such a check should be built into state-of-the-art IAM or access management systems, both during registration and in the password reset process. Weak passwords should not be accepted at all, and if done right, the password strength checker also weeds out passwords that have already appeared in a breach, which helps prevent password spraying attacks.
*As of December 2023
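The checker described above, as an added Python example that is not from the original text or any particular IAM product: it enforces the 16-character, four-class policy the text uses as its "strong" benchmark and rejects candidates found in a breached-password set. The breached set is a constructed, hypothetical list stored as SHA-1 digests (as some public breach corpora distribute them), so the checker never keeps breached plaintexts; the class detection is deliberately simple and ASCII-oriented.

```python
import hashlib
import string
from typing import List, Set

# Policy taken from the text: at least 16 characters drawn from all four classes.
MIN_LENGTH = 16
REQUIRED_CLASSES = 4

# Constructed sample of "breached" passwords (hypothetical, not a real corpus).
# Only SHA-1 digests are kept, so no breached plaintext lives in the service.
_BREACHED_PLAINTEXTS = ["Password123!", "Summer2023!!", "Welcome1234567!!"]
BREACHED_SHA1: Set[str] = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in _BREACHED_PLAINTEXTS
}


def count_classes(password: str) -> int:
    """Number of character classes present: lower, upper, digit, special."""
    checks = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(checks)


def is_breached(password: str, breached: Set[str] = BREACHED_SHA1) -> bool:
    """Look the candidate's SHA-1 digest up in the breached-hash set."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest in breached


def check_password(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means 'accept'."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if count_classes(password) < REQUIRED_CLASSES:
        problems.append("does not use upper, lower, digit and special characters")
    if is_breached(password):
        problems.append("appears in a known breach")
    return problems


if __name__ == "__main__":
    for candidate in ["abcdefghij", "Welcome1234567!!", "Tr0ub4dor&3-Lighthouse#9"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

Note that the breached candidate in the demo satisfies the length and class rules, which is exactly why a length-and-complexity check alone is not enough.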