Password generator - evaluation makes no sense


Hey there,

I'm still testing enpass after my purchase and found another strange behaviour. For me, the evaluation of the passwords generated by enpass makes absolutely no sense.

When you look at the screenshot attached, you see 3 generated passwords, all generated with the exact same settings. One is considered beeing average, one is good and one is perfect. To my eyes, they all have the same complexity. So how can the evaluation be so different? Even if the evaluation would make any sense, why would you even offer me weaker passwords based on the given settings?

Another example: When setting up a master password, the evalutation even can turn from average to bad by actually adding a special character! So the password is now 1 character longer and enpass tells me the password is weaker. This seems crazy to me o.O


Hi @Trendsetter,

Password strength in Enpass is calculated using zxcvbn algorithm. Calculation by this method not solely rely based on length but depends upon different kind of patterns too. An additional character introduction may not necessarily result in increased strength if it introduces a pattern match according to algorithm. Please visit following link for more info.





Hi @Vinod Kumar,

thank you for the whitepaper & the explanation. To me, the algorithm still seems to be a little weird, but I'm not an cryptography expert :) Do you think there is a chance for a feature that enpass only offers the best level of password based on the settings given? Because as a user you end up quite often banging that generate button until you get the best result.

