How Enpass checks for weak passwords?

Weak passwords are usually either not complex enough to be strong (too short, too little variation in the characters they contain, etc.) or they contain what seem like personal information that could be found online or easily guessed (dates, personal or pet names, hobbies, etc.) by anyone seeking to access your accounts.

Checking password strength in Enpass is based on a trusted password strength estimator called zxcvbn. It recognizes common names and surnames, common passwords, popular English words, other common patterns like sequences (abcd), repeats (aaa), dates, keyboard patterns (qwertyuiop).

The zxcvbn calculates the entropy (randomness) of passwords, which is a determining factor of password strength. The level of entropy and associated strengths are the table below.

Entropy Strength
<35 Very poor
35-50 Weak
50-70 Average
70-100 Good
>100 Excellent

Read more about...

How Enpass checks for compromised passwords