CZIP X would like to suggest using a passphrase and not a simple password. The difference resides in how much complex to break they are:
|Password||A single word, often made by a random sequence of alphanumeric characters, long 8 chars (at least) and including uppercase and lowercase letters, numbers and special characters.|
|Passphrase||A series of words separated by space that could have, each, a common sense or not.|
While you are allowed to use a password, it is strongly adviced to use a passphrase that follows these rules:
- 5 or more significative words, at least;
- words separated by spaces;
- An uppercase letter, a number and a special character in each word.
While other applications don’t, CZIP X suggests using true sentences because it’s easier to memorize that for the user, while it’s not a weakier way to resist to eventual attacks; in fact, recent studies are showing that a single password, also if truly complex, is always weakier than a passphrase and it can be discovered in a shorter time, while a true phrase (also with significative words), makes harder and longer the process to discover it while being still easy to be remembered by the author of the archive.
CZIP X passphrase strength indicator is tuned upon the above rules. Look at the following examples (in italian) :
the password “pippo” will have a very low score (12)…
the score will be a little higher if we use an uppercase letter (“Pippo”) …
replacing numbers to vocals, “P1pp0” will get an higher score but still globally low…
adding a “!” will increase the score again (17):
using a simple word long more than 8 characters but without the previous changes, will score 22:
while, writing the same password with the previous changes…:
Now, some passphrase examples that have a truly high score:
As a counter-proof, removing spaces from the last of the above examples, and replacing vocals with numbers, will dramatically reduce the score:
When you fill the first text field with a passphrase, you must rewrite it in the second text field and they have to match or CZIP X will not allow to proceed.