In several places, Formstack asks Users to enter a new (or a first) password and we provide a password meter that measures how strong of a password you've chosen. While it's very easy to choose a weak password, it can be somewhat harder to choose one that is rated as OK or Strong. This document addresses how the strength of our passwords are scored to better help you chose a strong, secure password that will be accepted.
One of the things our password meter is looking for is a variety of different character types. There are four different varieties that it is looking for, which are:
- Numerals (Ten different characters: 0 to 9)
- Upper Case Letters (26 different characters: A to Z)
- Lower Case Letters (26 more characters: a to z)
- Any other character (Many different characters, but we assume 123 in our program: @!$%^&[}, for example. Spaces, such as ' ', also counts in this group)
If you're using a password that has characters from all four of those groups, the password meter is then looking for length. It is possible to get an OK or Strong password with characters from 3 or fewer of those groups, but it will have to be longer. Think of it as a trade-off, as you can choose a password with more character variety and less total characters or one with less character variety and more characters.
Here are some rough guidelines for what is needed depending on the character variety used:
- A password with characters from all four groups would need to be 11 characters long to be OK (example: $5rfDweH65d) and 15 characters long to be Strong (example: $5rfDweH65dF6Gh).
- A password with Mixed case letters and numbers would need to be 14 characters long to be OK (example: aG7d3rFdF9jgdG) and 19 characters long to be Strong (example: aG7d3rFdF9jgdG5gF0m).
- A password with lowercase letters and numbers would need to be 16 characters long to be OK (example: h9e7dhncjus6glei) and 22 characters long to be Strong (example: h9e7dhncjus6glei7djv9s).
While this is more strict than our password guidelines have been in the past, this update aimed at increasing the security for our Users and Forms.