Why create a strong password?
A password is a critical line of defense in keeping your digital records and information safe. Today’s hackers use many different, rapidly evolving, and powerful methods to breach passwords, and the more safeguards you use when creating a password, the less likely it is that a hacker will be able to crack it. CyMetric evaluates your password before accepting it to determine its strength and whether it meets all of the minimum requirements. If your entry does not meet the requirements, you are notified of the issue and can try a different password.
In essence, a strong password is one that is hard to guess while still memorable to you. The following outlines what ulta.io requires each password to contain, what it must not be, and what it could include. Following that are some suggestions for how to create a strong, memorable password.
Password Criteria
Every password must:
1. Be at least eight (8) characters in length but no more than 64 characters. The longer the password the harder it is to guess.
2. Pass the password strength evaluation which considers use of common dictionary words, repetitive or sequential characters, and use of common substitutions.
A password may include:
1. Upper and lower case letters,
2. Numbers,
3. Punctuation (such as .,;!?) and special characters (such as @#^_)<), and
4. Spaces within a string of characters such as in a phrase. Note that any spaces at the beginning or the end of your password will be removed by the system.
A password must not:
1. Be a previously breached password. A list of such passwords is used to verify your entry,
2. Be shorter than eight characters or longer than 64, or
3. Have a password strength evaluation below a certain minimum level. This threshold might be hit if the password uses too many of the following:
Common dictionary words,
Repetitive characters (aaaaa or 22222),
Sequential characters (1234abcd), or
Common letter substitutions (e.g. 3 for the letter e as in “sh33p”, 4 for the letter A as in “4pple”, 0 (zero) for the letter o as in “passw0rd”, & instead of ‘-and’ as in s&box, an apostrophe instead of the e in an ‘-ed’ ending as in breach’d, etc.)
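The criteria above expressed as a checker, added here as an illustration and not the service's own code. The sample word lists, the run length of four and the threshold of two findings are assumptions.

```python
import re

# Constructed sample data: a real service would load a large breach corpus
# and a full dictionary. Both sets and the threshold are assumptions.
BREACHED = {"password", "password1", "qwerty123", "iloveyou1"}
COMMON_WORDS = {"password", "sheep", "apple", "security", "sandbox", "breached"}
WEAK_THRESHOLD = 2  # findings needed before the strength check fails

# Substitutions listed on this page: 3->e, 4->a, 0->o, &->and, '->e
LEET = str.maketrans({"3": "e", "4": "a", "0": "o", "&": "and", "'": "e"})


def has_sequence(text, run=4):
    """True if text has `run` ascending letters or digits, e.g. 1234 or abcd."""
    count = 1
    for a, b in zip(text, text[1:]):
        ascending = a.isalnum() and b.isalnum() and ord(b) - ord(a) == 1
        count = count + 1 if ascending else 1
        if count >= run:
            return True
    return False


def findings(pw):
    """List the weakness patterns from the criteria that appear in pw."""
    low = pw.lower()
    norm = low.translate(LEET)  # undo substitutions before the word lookup
    found = []
    if any(w in norm for w in COMMON_WORDS):
        found.append("dictionary word")
    if any(w in norm and w not in low for w in COMMON_WORDS):
        found.append("common substitution")
    if re.search(r"(.)\1{3,}", pw):
        found.append("repetitive characters")
    if has_sequence(low):
        found.append("sequential characters")
    return found


def evaluate(raw):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    pw = raw.strip(" ")  # leading and trailing spaces are removed first
    problems = []
    if not 8 <= len(pw) <= 64:
        problems.append("length")
    if pw in BREACHED:
        problems.append("breached")
    if len(findings(pw)) >= WEAK_THRESHOLD:
        problems.append("weak")
    return problems
```

Because the word lookup runs on the normalized text, “passw0rd” is treated as “password” and collects two findings, while a four-word passphrase of uncommon words collects none.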
Ways to create a strong password:
As mentioned earlier, a new password is passed through an evaluation to make sure that it fits a minimum strength level. The following items are suggestions to improve the strength of your password.
1. Use a passphrase
Instead of a single word or string of characters, create a passphrase from multiple words, preferably less commonly used ones rather than common dictionary words. A passphrase is a simple way to create a strong password that is easy to remember.
2. Use various character types
Further strengthen your password or passphrase by using numbers, punctuation, and special characters interspersed throughout.
3. Avoid l33t speak
When using numbers, punctuation, or special characters, avoid common letter replacements, called l33t speak. Some examples are:
3 for the letter e as in “sh33p”, 4 for the letter A as in “4pple”, or 0 (zero) for the letter o as in “passw0rd”,
& (ampersand) for words that contain or end in -and, -anned, or -ant such as s&box or pl&,
‘ (apostrophe) for the letter e in words ending in -ed such as breach’d, or removing the -e altogether such as breachd.
4. Avoid repetitive or sequential characters
Repetitive characters such as aaaaa or 33333 or sequential characters such as abcd or 1234 both reduce the strength of a password.
5. Avoid using common dictionary words
Remember that hacking software can use a dictionary of thousands of common words to find your password or passphrase.
6. Avoid reusing old passwords
Even adding numbers or punctuation such as an exclamation point at the end of the old password makes for a weak password.
7. Avoid easily identified information
Information such as your name, username, or birthdate or even the name of the website is something that a hacker could know and use in breaking your password.
Tips for Creating a Password
1. Test out the new password in a document before entering it into the web page.
2. Draft your passphrase in a document and modify it to make it stronger.
3. When entering the password, use the view password option to see the password as you type it in rather than asterisks (****). At the end of the password entry field is an icon that toggles whether the password is displayed or masked. Only do this if you are in a secure location without observers.
Select the crossed-out eye icon to display the password entry.
Select the eye icon to mask the password entry with asterisks (****).
4. After you enter your new password and select the Next button, the password has been accepted if the Log In page displays. If there is an issue with your entry, a message displays beneath the entry field giving you details as to the nature of the issue, and you can create a different entry.
Final Security Suggestions:
1. Do not write down your password. This is more reason to use a memorable passphrase. Additionally, you might consider using a reputable password manager.
2. Replace your password whenever there is a concern that it has been compromised regardless of where the compromise occurred.
3. Avoid using the same password in more than one place, even when adding sequential numbers or common punctuation at the end. Hackers know to test a password with an appended “!” or a number or two.
For instance, if they have identified that a password such as S3curity W1ns is valid on one site, they will try the same password on all other sites they attack. They will use the same password but also test it with a number of typical endings such as S3curity W1ns! or S3curity W1ns2.