Insufficient Password Strength

Password strength is a measure of how effective a password is. Insufficient Password Strength exists when a password policy does not aid the user in selecting a password that is strong enough to protect against guessing and brute force attacks. 

Password policies are a set of rules put in place to improve computer security by encouraging users to employ the strongest possible passwords and to use them properly. In its usual form, it estimates how many attempts an attacker would need, on average, to guess  a password correctly. The strength of a password is determined by its length, complexity, and unpredictability. A strong password would consist of a combination of upper and lowercase letters, numbers and special characters and should be at least 8 characters long. Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers’ capabilities to perform password cracking.