Theia comes bundled with a common password database, and depending how on you installed Theia, the list of common passwords may or may not already be compiled into Theia.

To find out if your common password database has been compiled or not, go to the "tools" page, and scroll down to the "security settings" area, and look for a tool reading "manage unsafe passwords" (admin tool 149).

If you already see a bunch of data in your "common passwords" list, then you all you need to do is decide how secure you want passwords to be.

---

Setting the password strength option

By default, require all passwords to be at least will be set to "level 0", which is the same thing as disabling the secure password feature altogether. If you want to enable it, you need to choose a strength, from 1 through 9 (where 1 is the weakest allowed, and 9 is the strongest possible).

A setting of 4 or 5 is encouraged for typical sites, but you may decide to use a stronger or weaker system.

The algorithm for calculating how strong a password is fairly complex, but is mainly based around these assessments:

• how long the password is
• how many unique characters it contains
• how many lower case characters it contains
• how many upper case characters it contains
• whether or not it is listed in the common password database

Therefor, passwords that contain many of the same characters over and over will be less secure than passwords with lots of different characters. Most common dictionary words will also immediately knock the strength of the password down, as these are generally found in the common password database. All lower case, or all upper case, or all integer strings also are not as strong as strings containing a mix of all three.