Choosing a passphrase

CZIP X would like to suggest using a passphrase and not a simple password. The difference resides in how much complex to break they are:

PasswordA single word, often made by a random sequence of alphanumeric characters, long 8 chars (at least) and including uppercase and lowercase letters, numbers and special characters.
PassphraseA series of words separated by space that could have, each, a common sense or not.

While you are allowed to use a password, it is strongly adviced to use a passphrase that follows these rules:

  • 5 or more significative words, at least;
  • words separated by spaces;
  • An uppercase letter, a number and a special character in each word.

While other applications don't, CZIP X suggests using true sentences because it's easier to memorize that for the user, while it's not a weakier way to resist to eventual attacks; in fact, recent studies are showing that a single password, also if truly complex, is always weakier than a passphrase and it can be discovered in a shorter time, while a true phrase (also with significative words), makes harder and longer the process to discover it while being still easy to be remembered by the author of the archive.

CZIP X passphrase strength indicator is tuned upon the above rules. Look at the following examples (in italian) :

the password "pippo" will have a very low score (12)...pass1

the score will be a little higher if we use an uppercase letter ("Pippo") ...

pass2replacing numbers to vocals, "P1pp0" will get an higher score but still globally low...

pass3

adding a "!" will increase the score again (17):

pass4

using a simple word long more than 8 characters but without the previous changes, will score 22:

pass5

while, writing the same password with the previous changes...:

pass6

Now, some passphrase examples that have a truly high score:pass7pass8

As a counter-proof, removing spaces from the last of the above examples, and replacing vocals with numbers, will dramatically reduce the score:

pass9

When you fill the first text field with a passphrase, you must rewrite it in the second text field and they have to match or CZIP X will not allow to proceed.