
Is my password strong enough


The following links provide examples of password strength.

Please note these sites are not related to Malwarebytes and are provided for reference only and not as an endorsement of any kind.


NIST 800-63 Password Guidelines

NIST Password Guidelines and Best Practices for 2020


Example of why a longer password is more secure

The following password will often satisfy most business password requirements.

The following password which does not use the recommendations of numbers and symbols still tests as more secure


There is nothing wrong with adding numbers and symbols, but it should be something you can remember without writing it down, or use a Password Manager to make it much easier.

Also, remember DO NOT use the same password on more than one site. All sites should have or use their own unique password. This is why using a password manager today makes it much easier to manage.

It is highly recommended that you DO NOT use single sign-on web links such as Facebook, Google, etc. that allow you to log onto other sites.

Edited by AdvancedSetup
Updated information

I'm not sure what you mean by "encryption algorithm". The encryption algorithm is the tactic and methodology that uses a Key to scramble a file, stream or data set into a new format that with that Key can be reversed back into an original format. The encryption algorithm may be a complex mathematical equation that can and will vary. The Key is something like a PKI Certificate or a Password. XChaCha20 appears to be a password.

The "strength" of a password, and thus the complexity for its obtainment, increases as a function of the number of characters and the type of characters being used.

XChaCha20 only uses 9 characters consisting of: Upper Case, Lower Case and Numbers.

Usually most systems may request a minimum of 8 characters and that was 9. So while it is not bad, it isn't great. However it does not use Special Characters [ ¹Example: ! @ # $ % ^ & * - _ ~ ] which increases the complexity of the password and thus its inherent Strength.

So I think XChaCha20 is not strong enough as compared to the following derivative examples: X!ChaCha20$ , XCha-Cha$$20 , !XCha$Cha20! , -XCha**Cha20- or X-Cha-Cha-20

A really strong password is at least 10 Characters consisting of...

  • 2 x Upper
  • 2 x Lower
  • 2 x Numbers
  • 2 x Special Characters


1. Some systems don't allow Special Characters or have a limited subset of usable characters.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
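The two effects discussed in the posts above (length and character classes) can be compared side by side. This is an added example, not part of either post; it scores strings quoted in the thread plus one constructed all-lowercase passphrase, checks the 10-character 2/2/2/2 rule from the post above, and assumes a naive brute-force model in which every character is chosen independently at random.

```python
import math
import string

def class_counts(pw):
    """Count characters per class; anything outside A-Z, a-z, 0-9 is 'special'."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "special": 0}
    for ch in pw:
        if ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["special"] += 1
    return counts

# Pool size per class (assumption of this model); 32 ASCII punctuation symbols.
POOL = {"upper": 26, "lower": 26, "digit": 10, "special": len(string.punctuation)}

def brute_force_bits(pw):
    """log2 of the search space: length * log2(combined size of classes in use)."""
    pool = sum(POOL[c] for c, n in class_counts(pw).items() if n)
    return len(pw) * math.log2(pool) if pool else 0.0

def meets_post_rule(pw):
    """Rule quoted in the post: at least 10 characters, 2 from each class."""
    return len(pw) >= 10 and all(n >= 2 for n in class_counts(pw).values())

def report(passwords):
    """Return (password, length, bits, passes_rule) for each input string."""
    return [(pw, len(pw), round(brute_force_bits(pw), 1), meets_post_rule(pw))
            for pw in passwords]

if __name__ == "__main__":
    # First three strings are quoted in the thread; the last is constructed here.
    samples = ["XChaCha20", "X!ChaCha20$", "X-Cha-Cha-20", "quietriverlanternmeadow"]
    for row in report(samples):
        print("%-26s len=%2d bits=%6.1f rule=%s" % row)
```

The figure is an upper bound: strings built from dictionary words, names or predictable substitutions fall to guessing attacks far sooner than the bit count suggests.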

Hi Dave,

I should have given context and attribution.

This particular combination came from a NordPass blog by Lukas Grigas: https://nordpass.com/blog/lastpass-breach/. This blog post contains Lukas's reasons why NordPass users can feel more confident about using their product, especially if the LastPass breach makes you averse to all password managers.

He writes: "First, one of the key elements of NordPass is that it is a zero-knowledge password manager equipped with an advanced encryption algorithm known as XChaCha20 to ensure protection of everything you store in NordPass."

What is a zero-knowledge password manager?
