Passwords and authentication
This page needs a recent browser (with SharedArrayBuffer support). Please update Chrome, Edge, Firefox or Safari to the latest version.
Proving who you are
- Authentication means proving you are who you claim to be. There are three classic ways:
- Something you know (a password), something you have (a phone), something you are (a fingerprint).
Stronger logins
- Biometrics — fingerprints or face scans; hard to steal, but not perfect.
- Two-step verification (2FA) — a password plus a one-time code sent to your phone.
- Even if an attacker steals your password, 2FA stops them logging in.
What makes a password strong?
- Length beats everything. Each extra character multiplies the guesses an attacker needs.
- A mix of letters, digits, and symbols helps — but a long passphrase like
correct horse battery stapleis both strong and memorable.
Build a checker
- Below, write a tiny rule: a password is "strong" only if it is long enough and has a digit.
- Real checkers also reject common passwords like
123456andpassword.
Covers: IGCSE 5.3 (authentication), A-Level 6.1, AP CSP Big Idea 5.
Write a simple strength checker. A password is strong if it is at least 8 characters AND contains a digit; otherwise weak. Print the right word for the given password.
Click Run to see the output here.