This article will help you understand how to choose strong passwords to use with Black Pear apps.
Core requires you to authenticate using your identity (email address) and a strong password. This article provides background
We don't enforce a requirement for a specific number of characters of a specific case, numbers, other characters etc. Unfortunately, users tend to choose passwords that are easy to remember but still satisfy the rules (e.g. P@55word).
xkcd sums it up perfectly:
Choosing a password
You must choose a password with sufficient length and uniqueness to make it pass our strength test. Password strength is checked using Dropbox's zxcvbn library and only passwords that are estimated to take more than 10^10 attempts to guess are allowed.
If you want to experiment with your passwords you can use an online tool such as https://www.bennish.net/password-strength-checker/.
There are some further strategies to help choose and remember your password.
One option is to use a memorable phrase, with each word having a capital letter (e.g. ColonelMustardDidIt ). Don't use any phrase that would be easily discoverable (such as our example !).
You may have tens or even hundreds of systems for which you need to remember the credentials. It is difficult to memorise unique passwords for each system and therefore it is tempting to reuse passwords. Unfortunately, reusing passwords means that if one is compromised, all the other accounts where it is use can now be accessed!
To help manage this, you can use password manager software (e.g. 1Password, mSecure) to generate strong passwords and securely store them, making them available to you when you need them. We recommend using dedicated password manager software, however we recognise that not everyone is able to use one. Provided that you aren't working on a shared machine or account, using the password manager in your web browser is an acceptable alternative for managing web logins.