Entropy/Length/Complexity of a password is pretty straightforward and can't really vary much. For Dictionary Similarity, I would assume that the software just checks how many characters in a password would need to change to match any Dictionary password, or e.g. if moving all letters forward / removing dots / changing numbers to letters creates a Dictionary password.
My confusion stems from the fact that the Password Depot 16 "Quality Analyzer" tells me that a certain password has 100% Dictionary Similarity. Now, I know that a Password Dictionary doesn't consist of actual words like a real one.
The password (not a security concern anymore) is: AT78EHpsMe9
I put this into one of the many online password check tools and it gave me this result:
'AT78' + 'EHp' + 'sMe9' is not a safe word combination. The word is composed of three components: 1) The string 'AT78' follows the pattern [dictionary word][one or two digits]. 2) 'EHp' is a dictionary word. 3) The string 'sMe9' follows the pattern [dictionary word][one or two digits].
That seems weird to me. If "AT", "EHP" and "SME", three totally random letter combinations, are part of a dictionary, then I assume this is true for many, many other 3-letter combinations. That doesn't make a password unsafe? You could argue it doesn't have special characters, but I don't get the reasoning above. To make sure, I tested it on a more reputable site, but I got a similar result:
Your password is easily crackable. Frequently used words
This site even claimed it could be cracked "faster than the time it takes to get back from a short walk"? I personally don't count "AT", "EHP" and "SME" among my "frequently" used words; what's that about?
So my initial confusion was just, "what is Password Depot 16 actually checking Dictionary Similarities with" - but assuming that it just uses the same sources as those two sites, I want to know: is this just a false positive from the algorithm, or is that password actually unsafe, just because it has gibberish 3-letter "words" that are matched in a Dictionary?
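
The decomposition quoted in the post, reproduced as an added example (not part of the original post, and not the code of Password Depot or of either online checker). The wordlist, the function names `segment` and `pattern_bits`, and the search-space model are assumptions made for illustration; the script finds the `[dictionary word][digits]` split and then counts how many candidates that pattern covers for a given wordlist size.

```python
import re
from math import log2

# Constructed wordlist (assumption): stands in for a checker dictionary that,
# like the tools quoted in the post, accepts "at", "ehp" and "sme" as words.
WORDLIST = {"at", "ehp", "sme", "password", "dragon", "summer"}
COMPONENT = re.compile(r"([a-z]+)(\d{0,2})")  # [dictionary word][0-2 digits]

def segment(password, words=WORDLIST):
    """Return the fewest-component split of password into
    [dictionary word][0-2 digits] parts (case-insensitive), or None."""
    lower = password.lower()
    n = len(lower)
    best = [None] * (n + 1)  # best[i]: shortest split found for lower[:i]
    best[0] = []
    for i in range(n):
        if best[i] is None:
            continue  # prefix lower[:i] cannot be split, so skip it
        for j in range(i + 1, n + 1):
            m = COMPONENT.fullmatch(lower[i:j])
            if m and m.group(1) in words:
                cand = best[i] + [password[i:j]]
                if best[j] is None or len(cand) < len(best[j]):
                    best[j] = cand
    return best[n]

def pattern_bits(components, dict_size):
    """log2 of the candidates needed to cover every password of the same
    shape under a simplified model (assumption): per component, any of
    dict_size words, any upper/lower casing of its letters, and zero, one
    or two trailing digits (1 + 10 + 100 = 111 options)."""
    bits = 0.0
    for comp in components:
        letters = sum(ch.isalpha() for ch in comp)
        bits += log2(dict_size) + letters + log2(111)
    return bits

if __name__ == "__main__":
    parts = segment("AT78EHpsMe9")
    print(parts)
    for size in (1024, 100_000):  # hypothetical wordlist sizes
        print(size, "words:", round(pattern_bits(parts, size), 1), "bits")
    print("11 random alphanumeric chars:", round(11 * log2(62), 1), "bits")
```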