By now, you may have noticed that our President Day's upgrades introduced a password strength bar. You'll see this bar both in your user profile when logged into our platform and on the password reset page if you lose your password at any time.
In an effort to establish a security standard that each site on our network can be proud of, LexBlog is now requiring that each newly created password be of at least "Medium" strength. We already do quite a bit of work to ensure a secure platform, and one of the most important steps you take to keep your site safe is using a strong password. However, without knowing more about what constitutes a "secure" password, it's easy to feel like the strength meter that you encounter when changing/resetting your password is completely random! Fortunately, that's not the case.
The meter that indicates the relative strength of your password relies on the zxcvbn library, developed by Dropbox. This library rejects common patterns like dates, phrases, names, keyboard patterns (123456789), and even pop culture references! To create a strong password that meets this algorithm's requirements, we recommend using a mix of four of more random, common words.
This may seem counterintuitive, but such patterns are much more difficult to crack and keeps your password memorable when compared to a random string of letters, numbers, and characters. For example treasurethirdsmartaccess is a "Medium" strength password, and using the zxcvbn password strength tester, I can see that this will take three months for a typical computer to crack!
While we understand this requirement may be frustrating at first, you can rest easy knowing that your blog is even more secure with this simple feature.