Understanding Password Quality and Password Complexity

Passwords are still the most common method of authenticating users online, and password strength is constantly something that is being called into question. One of the most basic levels for increasing digital security is to institute a strong, complex password policy and train end-users on adhering to it to the letter. Unfortunately, this step is not always 100% effective for increasing password strength because strength is no guarantee of password quality.

When it comes down to it, password complexity plays a huge role in understanding password quality – but only insofar as we understand that password complexity itself is a complex idea. Password Complexity is a typical aspect of most password policies, which include aspects such as:

  • Number of Characters
  • Case of Characters (upper-case/lower-case)
  • Alphanumeric
  • blacklisting dictionary words/personal information
  • Password History
  • Expiration intervals

Password quality is the measurement of how a given password addresses these various aspects. A rule of thumb is that password length equals password strength – as longer passwords increase the amount of combinations exponentially. However, end-users often attempt to address each aspect of a complex password policy with a password that represents something that is much easier to remember than a password with a truly high password quality score. In cases such as these, no matter the various combinations possible with a password, it can often be a simple matter to determine based on the user in question

PortalGuard comes equipped with a full suite of password management features, including complete administrative control over password policies and password quality requirements. Of special not is the ability that PortalGuard provides administrators with to blacklist any information that is present in the user database for a given user, as well as a custom list of dictionary words. By providing full control over blacklists and password policy requirements, PortalGuard allows organizations to create a legitimately strong password policy to enforce end-users to create passwords with a high password quality score.

PortalGuard also provides a fully customizable interface for warnings and error messages – allowing organizations to provide useful, informative feedback to help end-users appropriately adhere to any strong password policy.

For more information on password complexity, check out this blog article, or download the white paper to see how PortalGuard Self-service Password Reset helps keep password quality high and user-frustration low.