Introduction
User passwords are similar to the keys to the user's home or vault. That is why system administrators often demand complex, impossible-to-remember passwords requiring special characters and random numerals. Very often systems reject user-selected passwords because they are not long enough or otherwise do not meet complexity requirements. That is also why most users struggle to choose a password that is neither too simplistic (like Password1) nor hard to remember.
According to a recent British study, passwords are usually obvious: around 50 percent of computer users select passwords based on the name of a family member, spouse, partner, or pet. Hence, they are easy to guess.
Perfect Gym's new password requirements for PGM, POSweb, Client Portal, PG mobile apps and API v2 are now based on zxcvbn.
- This article describes the rules used by the New Password Requirements mechanism, which was built both to protect user data and to make passwords more usable.
- This article will be helpful to the PG Champion, Administrator, Club Manager and Club Owner roles.
Feature description
What is zxcvbn?
zxcvbn is an alternative password strength estimator developed by Dropbox. Using leaked passwords, its estimates were compared to the best of four modern guessing attacks, showing it to be accurate and conservative at low magnitudes, which makes it suitable for mitigating online attacks.
zxcvbn is named after the keyboard area two rows below “qwerty”. It is designed to make picking a strong password easy for humans and to make the result hard for machines to guess.
Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords; common names and surnames according to US census data; popular English words from Wikipedia and US television and movies; and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.
zxcvbn runs in milliseconds and works as-is on the web, iOS, and Android.
Instruction
How to enter the password?
1. Open the chosen application.
The New Password Requirements apply when logging into PGM, POSweb, the Client Portal, PG mobile apps, and API v2. This means they cover both club employees' and club members' passwords.
2. Enter credentials - login and password.
3. You will be asked to change your password to a new one.
Your password should be unique, long, and complex according to the zxcvbn requirements. Read carefully what you should avoid when creating your new password.
4. Having entered the new password, you will see the information about the Password strength or the numeric representation of the password’s strength.
- With the numeric representation, the score will range between 0 and 4 - with 0 being the weakest and 4 being the strongest.
- The system will reject anything scoring below 3 to avoid even moderately guessable passwords.
- The password will be accepted by the system only when Password strength: Normal, Strong or Very strong is displayed.
- When Password strength: Very weak or Weak is displayed, the password will be rejected by the system.
5. You will be successfully logged into the application with the new password.
What should I avoid in my password?
- Your name, surname, pet's name or birthdate - these are considered too easy to guess.
- Dates associated with you and recent years - these are considered too easy to guess.
- Reusing old passwords - the system will reject them.
- Passwords like ABCDE..., abcabc..., aaa... or 123456... - the system will reject them.
- Too short passwords - create a longer password with a variety of characters.
- You may also see a hint to add another word or two; uncommon words are better.
- Short keyboard patterns - qwerty, asdf, zxcvbn - these are considered too easy to guess.
- Adding capital letters instead of making the password longer or more complex - capital letters alone do not increase the password's complexity.
- Adding reversed words instead of making the password longer or more complex - reversed words do not increase the password's complexity.
- Adding predictable substitutions like @ instead of a - these substitutions do not increase the password's complexity.
- Very common passwords - the system will reject them.
- You may also see a message that the password you entered is a top-10 or top-100 common password - don't use it!
Hints
If you are interested in creating a strong password, visit the Dropbox webpage.
Note that if you enter the wrong password too many times, the system will automatically block your account.