Introduction
Everyone can agree that, to maintain online privacy and security, using Strong Passwords is crucial. What is a little harder to agree on, however, is what makes a password strong. Most sites will give some suggestions or requirements as to what a strong password should include, such as having a minimum number of characters, including numbers, etc. (see Password Tips page for some more information), but can a password's strength be measured quantitatively?
The answer is yes and no. Yes, we can come up with an algorithm, or a set of parameters or criteria, that we can use to score a password's strength. But there is no universally accepted way to give a password a quantitative score, and each scoring system needs to make some decisions and trade-offs as to which properties to value more than others. This doesn't mean, however, that Password Strength measurements are of no use. A password strength score can give you a general idea of how strong a password is, and can be used to compare passwords relative to one another. Bear in mind that a high strength score doesn't mean a password can't be hacked or broken.
PWMinder Password Strength Evaluator
PWMinder Desktop includes a Password Evaluator, which gives a score and a strength value to your passwords. This can give you a general idea of how good your various passwords are.

In version 3.1.3, the method for determining the score was slightly adjusted, and the same method will be used in upcoming releases of PWMinder Android, and iPWMinder. The following is the algorithm/criteria used in the PWMinder Suite of products.
A password starts with a score of zero, then gets several additions and deductions, and ends up with a score out of 100.
Additions
- Score += (Password Length * 5)
- Score += (Number of Symbols * 3)
- Score += (Number of Unique Characters * 2)
- Score += (Number of Requirements met * 4), where the Requirements are:
  - Password length >= 8
  - Password contains at least one Uppercase Letter (A-Z)
  - Password contains at least one Lowercase Letter (a-z)
  - Password contains at least one Digit (0-9)
  - Password contains at least one Symbol (i.e. not a Letter or a Digit)
Deductions
- If the Password is all Letters (case insensitive), then: Score -= (Password Length * 1)
- If the Password is all Digits, then: Score -= (Password length * 1)
- If the Password has repeated consecutive characters, then: Score -= (Number of repeated consecutive characters * 3)
- If the Password has consecutive characters of the same type (e.g. Uppercase, Lowercase, Digits, Symbols), then: Score -= (Number of consecutive character types * 2)
- If the Password has sequential characters, then: Score -= (Number of sequential characters * 3)
Notes:
Repeated Consecutive Characters only start counting after the first character, e.g. "111" has 2 repeated characters. If more than one group of repeated consecutive characters is found, the number is cumulative, e.g. "11aa" is 2, "11aa11" is 3, "1111aa" is 4.
Consecutive Character Types only start counting after the first character, e.g. "abc" has 2 consecutive lower case characters. If more than one group of consecutive characters is found, the number is cumulative, e.g. "aevgz+LNPQ" has 7 consecutive character types (4 lowercase and 3 uppercase).
Sequential Characters are only counted when there are 3 or more sequential characters, e.g. "abcdef" is 4, "abc" is 1, "ab" and "a" are 0. If more than one group of sequential characters is found, the number is cumulative, e.g. "abcde+lmno" is 5. Sequential is case sensitive, i.e. "aBcD" is not considered sequential.
Qualitative Score
PWMinder uses the following qualitative scoring system, based on the calculated score:
| Score | Value |
|---|---|
| 0-20 | Very Weak |
| 21-50 | Weak |
| 51-60 | Fair |
| 61-80 | Strong |
| 81-100 | Very Strong |
Examples
| Password | Score | Strength |
|---|---|---|
| abc | 15 | Very Weak |
| 3a$ | 36 | Weak |
| htsfg-G | 56 | Fair |
| ABC-12a3f | 77 | Strong |
| 123a$4aACz | 82 | Very Strong |
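The additions, deductions and notes above can be written out as a short scorer. This is an added Python example, not PWMinder's own code; it reproduces the five rows of the Examples table. It assumes that sequential means ascending characters within one letter or digit class, and that the final score is clamped to 0..100.

```python
import string

def char_type(c):
    """Classify as the page does: a symbol is anything not a letter or digit."""
    if c in string.ascii_uppercase:
        return "upper"
    if c in string.ascii_lowercase:
        return "lower"
    if c in string.digits:
        return "digit"
    return "symbol"

def count_adjacent_equal(items):
    """Positions equal to their predecessor: "111" -> 2, "11aa11" -> 3."""
    return sum(a == b for a, b in zip(items, items[1:]))

def count_sequential(pw):
    """Runs of 3+ ascending characters; a run of n adds n - 2 ("abc" -> 1)."""
    total, run = 0, 1
    for prev, cur in zip(pw, pw[1:]):
        # Assumption: ascending code points inside one letter/digit class only.
        same_class = char_type(cur) == char_type(prev) and char_type(cur) != "symbol"
        if same_class and ord(cur) == ord(prev) + 1:
            run += 1
        else:
            total, run = total + max(run - 2, 0), 1
    return total + max(run - 2, 0)

def score(pw):
    types = [char_type(c) for c in pw]
    met = [len(pw) >= 8] + [t in types for t in ("upper", "lower", "digit", "symbol")]
    s = len(pw) * 5 + types.count("symbol") * 3 + len(set(pw)) * 2 + sum(met) * 4
    if pw and all(t in ("upper", "lower") for t in types):
        s -= len(pw)                            # all letters
    if pw and all(t == "digit" for t in types):
        s -= len(pw)                            # all digits
    s -= 3 * count_adjacent_equal(pw)           # repeated consecutive characters
    s -= 2 * count_adjacent_equal(types)        # consecutive character types
    s -= 3 * count_sequential(pw)               # sequential characters
    return max(0, min(100, s))                  # assumption: clamp to 0..100

def strength(s):
    """Map a score to the page's qualitative bands."""
    for upper_bound, label in ((20, "Very Weak"), (50, "Weak"), (60, "Fair"), (80, "Strong")):
        if s <= upper_bound:
            return label
    return "Very Strong"
```

Under these rules the constructed input `Password1!` scores 76 (Strong), because the scorer has no notion of dictionary words or predictable suffixes. That is the caveat stated in the introduction: a high score is a relative measure, not evidence that a password resists guessing.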
References
The password strength score calculations are adapted from the following:

Passwords
Passwords; we can't seem to get away without them, as they are currently the standard way of protecting our digital data. Even with passwords, personal data can still be at risk. There are two main ways that hackers can get past a password defence. Firstly, if you use a weak, or easily guessed password, a hacker can guess, or use brute force, to come up with your password. The other way is when attackers hack the computer system of a company or organization and steal all of the users' passwords.
To minimize the first type of attack, it is important to create and use strong passwords. While this does not guarantee that a determined hacker won't be able to break through, it helps to reduce the chances. For the second type of attack, there is not much an individual can do to prevent a hacker from stealing their password from an organization, but there are ways to limit the impact. The main thing is to ensure you don't use the same password for different sites or accounts. Once a hacker has stolen passwords for one site, they will try to use those same passwords on other sites. Another way to thwart hackers is to change your passwords regularly and if you hear of a site or organization being hacked, change your password immediately.
Strong Passwords
To help create Strong Passwords, use the following list of Do's and Don'ts.
Do's
- Use a password with at least 8 to 10 characters. The more characters in the password, the more combinations there are, making it more difficult to hack it. For example, if a password only has upper case letters, a four-character password would have approximately 450,000 combinations, if it had six characters there would be approximately 31,000,000 combinations, and if you use 8 characters, there would be approximately 210,000,000,000 combinations.
- Use a combination of numbers and letters, and use a mix of UPPER and lower case letters. This also increases the number of combinations. For example, if a four-character password only uses upper case letters, there would be approximately 450,000 combinations, if it uses both upper and lower case letters, there would be approximately 7,000,000 combinations, and if numbers were included as well, then there would be approximately 15,000,000,000 combinations.
- Add a special character. This again increases the number of combinations and reduces the risk of a dictionary attack, where hackers attempt to use common words.
- Change your password every few months. This way, if your password has been discovered, it will eventually be changed and the hacker will again be out of luck.
- To help create passwords that you can remember, use a phrase you can remember, and then take the first letter of each word in the phrase, then append a number to it. For example, the phrase: This is a password phrase could give a password like Tiapp123.
- Use a Password Manager, like PWMinder Suite, to help you remember, and keep track of your passwords in a secure way.
Don'ts
- Don't use password or 1234 as your password (you'd be surprised how many people do that). See this cnet article for more examples.
- Don't write your passwords down, or store them unencrypted on your computer.
- Don't use a word or name that is personally associated with you, such as a family member's name, birth month, city born in, etc. If a hacker can find information about you, they will try to use that information to guess your password.
- Don't use common words. These are easily cracked using a dictionary attack, where hackers will attempt to find your passwords by trying all words in a dictionary list of common words.
- Don't use the same password for all of your accounts and websites. If one of your passwords were to be exposed, then the hacker would immediately know the password for all of your other accounts and websites.
Two-Factor Authentication

Using strong passwords is a good start, but there is still a chance a hacker will get hold of your password, either by guessing, by using brute force or, more likely, by hacking the database of the website you log in to. To add an extra layer of protection, many prominent websites are now employing two-factor authentication. The basic idea of two-factor authentication is that, in order to log in, a website will ask for something you know and for something you have. Typically the something you know is your usual password. The something you have is often your mobile phone. After you enter your password, the website will send a one-time use code to your mobile phone, often as a text message. If this code is not used within a short period of time, it will expire. In this way, someone trying to log in as you will need to know your password and be able to receive a text message on your phone. Instead of using text messages, many sites also offer integration with passcode generator apps such as Google Authenticator. These apps display passcodes that change every few seconds/minutes, which you then enter as your second form of authentication. Again, this protects you, because a hacker would need access to one of these passcodes from your phone.
Two-factor authentication can be tedious, but most sites have a setting so that, once you have logged in using two-factor authentication, the site remembers that computer as trusted and you don't need to go through the process every time.
Not all Web Sites offer two-factor, but several major ones do, such as Google, Facebook, PayPal, Twitter, LinkedIn and Dropbox. If you use any of these sites I would highly recommend setting up two-factor authentication.
With the development of new features, changes to the data structure of the Repository may need to be made. Updates to the various products need to be made to work with these changes. Repository files have a version that gets upgraded as changes are made to the structure of the data. The version of the Repository does not necessarily coincide with the version of the individual products. The table below lists the history of the Repository versions and the corresponding versions of the products that are compatible with each.
| Repository Version | Desktop Version | iOS Version | Android Version |
|---|---|---|---|
| 1.0 | 1.0.x | n/a | n/a |
| 2.0 | 2.0.x | n/a | n/a |
| 2.5 | 2.5.x | n/a | n/a |
| 2.6 | 2.6.x, 3.0.x, 3.1.x, 3.2.x | 1.x.x, 2.x.x | 1.x.x |
Older Repository files can be upgraded using PWMinder Desktop. For example, you can upgrade a version 2.0 or 2.5 Repository to 2.6 using either PWMinder Desktop 2.6 or 3.0 or 3.1.

PWMinder stores all of the passwords and other information in a Repository. This Repository is saved in a file with a .pwm extension. A Repository file is just like any other file on your computer or smartphone and can be copied, moved and/or deleted. This makes it very easy to manage your Repository(ies); you can easily move the file from one computer to another or copy it from your computer to your smartphone. Repository files can also be stored on Dropbox, making it even easier to share your passwords across computers and devices.

Within the PWMinder Suite of products, a Repository is the central storage place where all of your password records are stored, kind of like a safe. You give the Repository a name and description and secure it with a Master Password. Each password Record, in the Repository, is grouped into a Category, to make it easy to organize your various password Records. PWMinder comes with a set of standard categories, but using PWMinder Desktop you can create as many custom Categories as you want.
Repositories are compatible with all of the products within the PWMinder Suite; so that a Repository created using PWMinder Desktop can be viewed and edited using iPWMinder, PWMinder Android, etc.
You can manage more than one Repository of password records. This is very useful in cases where you would like to have a separate Repository for home passwords and work passwords or would like separate Repositories for each person in your family.
Each Repository has its data stored in an encrypted file and often this is referred to as the Repository file. Each Repository has its own Repository file. Because the Repository is stored as a file, it makes it easy to copy, move and back up your data. Repository files can also be used with Dropbox, making it even easier to access and sync your password data across your multiple devices.