This document describes how cPanel & WHM determine password strength. This document also explains how to create passwords of different strengths so that you can meet various minimum password strength requirements.
- We strongly recommend that you use the Password Generator feature whenever it is available. For more information, read our Password and Security documentation.
- This document uses characters found on the ANSI standard US keyboard. Results for other languages and keyboard configurations may vary.
Length and complexity
Two factors determine a password's strength: length and complexity. A password's length is determined by the number of characters in the password. For example, the password
asdf1234 has a length of eight characters. Most cPanel & WHM passwords require a minimum password length. An increase in password length usually increases the password's strength.
When you combine letters, numbers, and symbols in a password you increase the password's complexity. A higher complexity yields a higher password strength. For example, the password
cpanelisgreat has a password strength of 25 while
cP4n3LIsGr3aT has a password strength of 100. When you repeat the same character, use dictionary based words, or use consecutive letters or numbers, you do not increase password strength. For example,
12345678 has a password strength of 1 while
18273645 has a password strength of 86.
Four categories exist for the possible characters in a password.
|Lowercase letter (a — z)|
|Capital letter (A — Z)|
The following table provides some example passwords of different lengths and complexities. For brevity, this table does not include all potential character combinations.
Do not use the examples provided verbatim. Use of these examples could create a security risk.
|Description||Example||Strength||Length||Lowercase (a — z)||Capital (A — Z)||Number (1-9)||Symbol|
|Repeating character||1||2 — ∞|
|Consecutive characters||1||2 — ∞|
|Combination lowercase and capital letter||10||2|
|Combination lowercase letter and number||18||2|
|Combination capital letter and number||18||2|
|Combination lowercase letter and symbol||20||2|
|Combination capital letter and symbol||20||2|
|Combination number and symbol||26||2|
|Combination lowercase letter, number, and symbol||34||3|
|Combination capital letter, number, and symbol||34||3|
|Example combination|| ||100||8|
You can use the Get Password Strength feature to test the strength of any password. For more information, read our WHM API 1 Functions - get_password_strength documentation.
Password Strength Configuration — This document explains how to define minimum strengths for passwords for all of cPanel & WHM's features that require password authentication.
UAPI Functions - PasswdStrength::get_required_strength — This document describes how to retrieve an application's minimum required password strength.