Applicable to:
 Plesk for Linux
 Plesk for Windows
Applicable to:
 Plesk for Windows
 Plesk for Linux
Question
How password strength is determined for Plesk?
Answer
Passwords strengths is a sum of the following criterias. Where all characters are verified against rule set, for every match it adds some scores/weights defined for different cases.
Here is rules are applied to validate password in Plesk 11.5 and 12:

If a password is 4 or less symbols in length, it gains 3 scores.

If the length is between 5 and 7, then it gains 6 scores.

If the length is between 8 and 15, then it gains 12 scores.

If the length is 16 or more, then it gains 18 scores.

If password contains at least one lower case letter from '
a
' to 'z
', then it give us 1 score. 
If there is at least one upper case letter from
'A'
to'Z'
, then it brings 5 scores. 
If there is at least one number, then it brings 5 scores.

If there is at least three numbers, then it brings 5 scores.

If there is at least one special character from this list (without quotes): "
!, @, #, $, %, ^, &, *, ?, _, ~
", then it brings 5 scores. 
If there is at least two special characters from the list above, then it brings 5 scores.

If there is both upper and lower case, then it brings 2 scores.

If both letters and numbers, then it brings 2 scores.

If there is combination of letters and numbers and special characters, then it will give us 2 scores.
Summary:

If the sum of score less than 15, the password is Very Weak.

If the sum of scores between 15 and 24, then it is Weak password.

If the sum of scores between 25 and 34, then it is Medium password.

If the sum of scores between 35 and 44, then it is Strong password.

If the sum of score is more than 45, it is Very Strong.
Example:
Let's look how it works on the password P@ssw0rd
:
 Length between 8 and 15 (+12).
 At least one lower case letter (+1).
 At least one lower case letter uppercase (+5).
 At least one number (+5).
 At least one special character (+5).
 Have both upper and lower case (+2).
 Have both letters and numbers (+2).
 Have letters, numbers and special characters (+2).
Overall score is 34, which is less than 35. Verdict is Medium.
Comments
2 comments
Please consider implementing Dropbox's password strength library in future versions of plesk. https://github.com/dropbox/zxcvbn
Right now (Plesk Onyx Version 17.8.11) very secure passwords such as applaudbisquebatchforefoot won't even pass the "medium" filter, and very bad passwords such as Pa$$word123 are marked "Strong".
Brute force cracking continues to get more sophisticated and the current strength ratings are misleading.
Hello @Peter,
Thank you for sharing your idea. I have created a feature suggestion.
The toprated features will be implemented in next Plesk updates.
Please sign in to leave a comment.