This document describes how cPanel & WHM determine password strength. This document also explains how to create passwords of different strengths so that you can meet various minimum password strength requirements.
Two factors determine a password's strength: length and complexity. A password's length is determined by the number of characters in the password. For example, the password
asdf1234 has a length of eight characters. Most cPanel & WHM passwords require a minimum password length. An increase in password length usually increases the password's strength.
When you combine letters, numbers, and symbols in a password you increase the password's complexity. A higher complexity yields a higher password strength. For example, the password
cpanelisgreat has a password strength of 25 while
cP4n3LIsGr3aT has a password strength of 100. When you repeat the same character, use dictionary based words, or use consecutive letters or numbers, you do not increase password strength. For example,
12345678 has a password strength of 1 while
18273645 has a password strength of 86.
Four categories exist for the possible characters in a password.
|Lowercase letter (a — z)|
|Capital letter (A — Z)|
The following table provides some example passwords of different lengths and complexities. For brevity, this table does not include all potential character combinations.
Do not use the examples provided verbatim. Use of these examples could create a security risk.
|Description||Example||Strength||Length||Lowercase (a — z)||Capital (A — Z)||Number (1-9)||Symbol|
|Repeating character||1||2 — ∞|
|Consecutive characters||1||2 — ∞|
|Combination lowercase and capital letter||10||2|
|Combination lowercase letter and number||18||2|
|Combination capital letter and number||18||2|
|Combination lowercase letter and symbol||20||2|
|Combination capital letter and symbol||20||2|
|Combination number and symbol||26||2|
|Combination lowercase letter, number, and symbol||34||3|
|Combination capital letter, number, and symbol||34||3|
|Example combination|| ||100||8|
You can use the Get Password Strength feature to test the strength of any password. For more information, read our WHM API 1 Functions - get_password_strength documentation.