How Enpass checks for weak passwords?
Weak passwords are usually either not complex enough to be strong (too short, too little variation in the characters they contain, etc.) or they contain what seem like personal information that could be found online or easily guessed (dates, personal or pet names, hobbies, etc.) by anyone seeking to access your accounts.
Checking password strength in Enpass is based on a trusted password strength estimator called zxcvbn. It recognizes common names and surnames, common passwords, popular English words, other common patterns like sequences (abcd), repeats (aaa), dates, keyboard patterns (qwertyuiop).
The zxcvbn calculates the entropy (randomness) of passwords, which is a determining factor of password strength. The level of entropy and associated strengths are the table below.
| Entropy | Strength |
| <35 | Very poor |
| 35-50 | Weak |
| 50-70 | Average |
| 70-100 | Good |
| >100 | Excellent |