How Enpass checks for weak passwords
Weak passwords are usually either not complex enough to be strong (too short, too little variation in the characters they contain, and so forth) or they contain anything that seems like personal information that could be found online or easily guessed (dates, personal or pet names, hobbies, and so forth) by anyone seeking to access your accounts.
Checking password strength in Enpass is based on a trusted password strength estimator called zxcvbn. It recognizes common names and surnames, common passwords, popular English words, other common patterns like sequences (abcd), repeats (aaa), dates, keyboard patterns (qwertyuiop).
Zxcvbn calculates the entropy (randomness) of passwords, which is a determining factor of password strength. This table represents the various strengths of password entropy:
| Bits of Entropy | Password Strength |
| <35 | Very poor |
| 35-50 | Weak |
| 50-70 | Average |
| 70-100 | Good |
| >100 | Excellent |