Alphanumeric Characters and Alphanumeric Password Requirements

Alphanumeric Characters and Alphanumeric Password Requirements

Thousands of businesses across the globe save time and money with Okta. Find out what the impact of identity could be for your organization.

Alphanumeric Characters and Alphanumeric Password Requirements

Learn why Top Industry Analysts consistently name Okta and Auth0 as the Identity Leader

An alphanumeric password contains numbers, letters, and special characters (like an ampersand or hashtag). In theory, alphanumeric passwords are harder to crack than those containing just letters. But they can also be harder to both create and remember.

Almost 80 percent of us reset our passwords every 90 days due to simple forgetting. It’s hard to think about making passwords even more complicated.

But this simple step could help protect a company’s important assets and valuable data.

What is an alphanumeric password?

Does your password contain simple alpha characters? If you type in something like "password" to get into your system, you don't have an alphanumeric password. If you must tap in "p@ssw3rd$," you're following the rules we're discussing here.

When your company enables an alphanumeric password requirement, you're required to use a password with:

  • Letters. Anything from A to Z counts. You might be required to mix uppercase and lowercase versions.

  • Numbers. Anything from 0 to 10 works.

  • Special characters. Unusual symbols from dashes to dollar signs to parenthesis are included.

Dig into the math, and you'll understand why these steps are important.

If your password contains just six letters, a hacker has 266 guessing options. If your password contains 12 characters, including numbers and symbols, a hacker has 7212 possibilities. It takes much, much longer to guess a password like this.

No standard alphanumeric rules exist. Some companies ask for more characters, and others need fewer.

Create the perfect alphanumeric password: examples

If your company requires alphanumeric passwords, you must be creative to meet all of the rules and regulations.

For example, Harvard University requires passwords that are:

  • Long. Passwords must contain at least ten characters, but students can use up to 100. 

  • Varied. Students must use at least five unique characters.

  • Alphanumeric. Writers must include uppercase letters, lowercase versions, and special characters.

What should a password for a company like this look like?

An ideal password is:

  • Randomized. Don't use anything identifiable, such as your name, address, or pet's name.

  • Easy to remember. Phrases are harder to forget than random strings of data.

  • Scrambled. Don't put numbers and characters in a pile at the beginning and end.

Let's imagine that we've just finished watching Grey's Anatomy. We haven't posted about the show anywhere on social media, and we don't work as a writer or an actor for the show. We could use this program to create an alphanumeric password for Harvard.

Here are a few alphanumeric password examples with this theory:

  • Gr@y&At0m

  • (r@yz&at0My

  • Gr8yz&atOMY!

When you come up with the perfect password, don't put it on a Post-It note on your monitor or share it with your best friend. Think of it as a closely guarded secret that can keep your company safe.

And remember that hackers can crack even the strongest password. The best way to strengthen your password is to add in another factor, such as something you have in your possession. So-called "two-factor authentication" is much harder for a hacker to manipulate and crack. We've written up a white paper about this practice, and we encourage you to check it out.


Study: 78 Percent of People Forget Their Passwords and Then Go for Reset. (December 2019). Digital Information World.

What Are the Password Requirements and Why Are They Important? Harvard University.

The Mathematics of Hacking Passwords. (April 2019). Scientific American.

How to Create a Good and Strong Password. (May 2021). Cybernews.

How to Create the Perfect Password. (May 2016). The Guardian.