Overview

This document describes how cPanel & WHM determine password strength. This document also explains how to create passwords of different strengths so that you can meet various minimum password strength requirements.

  • We strongly recommend that you use the Password Generator feature whenever it is available. For more information, read our Password and Security documentation.
  • This document uses characters found on the ANSI standard US keyboard. Results for other languages and keyboard configurations may vary.

Length and complexity

Two factors determine a password's strength: length and complexity. A password's length is determined by the number of characters in the password. For example, the password asdf1234 has a length of eight characters. Most cPanel & WHM passwords require a minimum password length. An increase in password length usually increases the password's strength. 

When you combine letters, numbers, and symbols in a password you increase the password's complexity. A higher complexity yields a higher password strength. For example, the password cpanelisgreat has a password strength of 25 while cP4n3LIsGr3aT has a password strength of 100. When you repeat the same character, use dictionary based words, or use consecutive letters or numbers, you do not increase password strength. For example, 12345678 has a password strength of 1 while 18273645 has a password strength of 86.  

Categories

Four categories exist for the possible characters in a password.

DescriptionExample
Lowercase letter (a — z)a
Capital letter (A — Z)A 
Number (0-9)1

Symbol (!@#$%^&*()`~-_=+[{]}\|;:'",<.>/?)

  • Some symbols yield a higher strength valuation than others.
  • Symbols are also known as special characters.


$

Combinations

The following table provides some example passwords of different lengths and complexities. For brevity, this table does not include all potential character combinations.

Do not use the examples provided verbatim. Use of these examples could create a security risk.


DescriptionExampleStrengthLengthLowercase (a — z)Capital (A — Z)Number (1-9)Symbol
Repeating character

aa, aaa, aaaa

11, 111, 1111

12 — ∞    
Consecutive characters

12345678

abcdefgh

12 — ∞    
Combination lowercase and capital letteraA102(tick)(tick)  
Combination lowercase letter and numbera1182(tick) (tick) 
Combination capital letter and numberA1182 (tick)(tick) 
Combination lowercase letter and symbola#202(tick)  (tick)
Combination capital letter and symbolA#202 (tick) (tick)
Combination number and symbol1#262  (tick)(tick)
Combination lowercase letter, number, and symbola#1343(tick) (tick)(tick)
Combination capital letter, number, and symbolA#1343 (tick)(tick)(tick)
Example combination12345luggage5412(tick) (tick) 
Example combinationA1b2c3%747(tick)(tick)(tick)(tick)
Example combination

cP4n3LIsGr3aT

10011(tick)(tick)(tick)(tick)
Example combination A1b2c3%?
1008(tick)(tick)(tick)(tick)


You can use the Get Password Strength feature to test the strength of any password. For more information, read our WHM API 1 Functions - get_password_strength documentation.


Additional documentation