Understand what makes a password strong by testing multiple passwords against a real password-strength checker, analyze the results, and document best practices for secure password creation.
| Tool | Purpose |
|---|---|
| passwordmeter.com | Password strength analysis |
Metrics provided: Score (%), Complexity rating, Additions & Deductions breakdown
| # | Password | Score | Complexity | Key Observation |
|---|---|---|---|---|
| 1 | password |
8% | ❌ Very Weak | Lowercase only, common dictionary word |
| 2 | pass@123 |
57% | Has symbol + numbers, no uppercase, too short | |
| 3 | P@ssw0rd!2026 |
100% | ✅ Very Strong | Mixed character types, 13 chars |
| 4 | T9kL$mQzI2vXw@ |
100% | ✅ Very Strong | 15 chars, fully random, no patterns |
"password" → 8% (letters only)
+ symbols + numbers
"pass@123" → 57% (+49% jump)
+ uppercase + more length
"P@ssw0rd!2026" → 100% (all requirements met)
+ full randomness + no patterns
"T9kL$mQzI2vXw@" → 100% (zero deductions)
Key insight: Length + randomness + character variety together make a password exponentially harder to crack.
- Use 12–16+ characters — longer is always better
- Mix all 4 types — uppercase, lowercase, numbers, symbols
- Avoid dictionary words — even
p@sswordis still weak - No personal info — no names, birthdays, or phone numbers
- No sequential patterns — avoid
123,abc,qwerty - Unique password per account — never reuse
- Use a password manager — generates and stores complex passwords
- Consider passphrases — e.g.,
Sun!MangoRiver9Tree— long, memorable, strong
| Attack Type | Method | Defence |
|---|---|---|
| Brute Force | Tries every combination | Use long, complex passwords |
| Dictionary Attack | Uses wordlists of common passwords | Avoid real words |
| Credential Stuffing | Uses leaked username/password pairs | Never reuse passwords |
| Rainbow Table | Precomputed hash lookups | Use unique + salted passwords |
All screenshots are in the /screenshots folder:
| File | Description |
|---|---|
01_very_weak_password.png |
password — Score: 8% |
02_medium_password.png |
pass@123 — Score: 57% |
03_strong_password.png |
P@ssw0rd!2026 — Score: 100% |
04_very_strong_password.png |
T9kL$mQzI2vXw@ — Score: 100% |
- How each character type contributes to password strength
- Why dictionary-based passwords are weak even with substitutions
- How brute force difficulty scales exponentially with length
- What credential stuffing is and why password reuse is dangerous
- How passphrases balance memorability and strength
Cybersecurity-Internship-Task-6/
├── README.md
└── screenshots/
├── 01_very_weak_password.png
├── 02_medium_password.png
├── 03_strong_password.png
└── 04_very_strong_password.png
🔒 This task was completed for educational purposes only as part of the Elevate Labs Cybersecurity Internship.