Setting a New Password: Why Certain Messages Appear and How to Choose a Secure Password
When setting a new password, you may receive a message such as "Password is too simple" or "This password is too commonly used." These messages can be confusing, but they are designed to protect your account from unauthorized access as effectively as possible. Below, we explain why these messages appear and how you can choose a secure password.
Why Do These Messages Appear?
Our systems check whether the password you create or modify meets our security criteria. This check is performed on three levels:
Is the Password Too Simple?
If a password is too easy to guess, you will receive the message "Password is too simple." This means your password is not complex enough and could be easily cracked by attackers. We assess password strength using zxcvbn, an advanced algorithm that evaluates passwords based on length, predictability, and complexity.
Has the Password Been Leaked Before?
We also check whether the password appears in known data breaches. If it has, you will receive the message "This password is too commonly used." This means the password has been compromised in a past data breach and may be used by hackers in credential stuffing attacks. To check this, we use the Have I Been Pwned database, which tracks millions of compromised passwords.
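An added example, not this site's own code: the page does not say how the breach lookup is performed, so this example assumes the Pwned Passwords range (k-anonymity) lookup, in which only the first five characters of the password's SHA-1 hash are sent and the comparison happens locally. The function names, the injected fetch_range callable and the sample data are constructed for illustration.

```python
import hashlib

SENT = []  # records what would leave the process, for inspection

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest.
    SHA-1 is only a lookup key here, not a way to store passwords."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; skip malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Number of times the password appears in the breach corpus (0 = not found).
    fetch_range(prefix) is an assumed callable returning the response body for
    that prefix; in production it would perform the HTTPS request."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def make_fake_fetch(leaked):
    """Offline stand-in for the range endpoint, built from constructed data."""
    table = {}
    for pw, n in leaked.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, []).append(f"{suffix}:{n}")
    padding = "0" * 35 + ":0"  # padded entries carry a count of 0

    def fetch(prefix):
        SENT.append(prefix)  # only the 5-character prefix is ever sent
        return "\r\n".join(table.get(prefix, []) + [padding])
    return fetch

# Constructed sample corpus; the counts are made up.
FAKE_FETCH = make_fake_fetch({"password123": 2500, "qwerty": 9001})

if __name__ == "__main__":
    for candidate in ("password123", "correct horse battery staple 9!"):
        n = breach_count(candidate, FAKE_FETCH)
        print(candidate, "->", "rejected" if n > 0 else "not found in corpus", n)
```

A count above zero is what would trigger the "This password is too commonly used" message; padded entries with a count of 0 are never treated as a match.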
Does the Password Meet Our Rules?
Beyond the checks above, we apply further password rules, which are listed on the registration or change page. If your password does not meet these requirements, you will receive a clear message explaining the specific reason.
What Can You Do?
Would you like to choose a strong and secure password? Follow these guidelines:
Use at least 12 characters (preferably more) with a combination of uppercase letters, lowercase letters, numbers, and special characters.
Avoid predictable words such as "password," "123456," or your own name.
Use a password manager to generate and store unique passwords for different accounts.
Following these measures helps protect your account as effectively as possible and minimizes the risk of data breaches or unauthorized access.