in Resources

What is a Lowercase or Uppercase Password?

Passwords are our first line of defense for protecting online accounts. But not all passwords are created equal. When setting a password, you may be prompted to include lowercase and uppercase letters to meet complexity requirements. This quick guide will explain what lowercase and uppercase passwords are, why platforms enforce this policy, and provide tips for creating a strong mix of cases in your credentials.

What Are Lowercase Passwords?

A lowercase password contains only letters in small caps, which are lowercase or small capital letters. For example, "apple" would be an all lowercase password.

The lowercase alphabet contains 26 letters:

a b c d e f g h i j k l m n o p q r s t u v w x y z

So if a site or app requires you to use lowercase letters, these are the options you can pick from. Lowercase letters are the most common and can‘t be used to start a sentence or proper noun.

Some examples of all lowercase passwords:

  • apple
  • banana
  • orange
  • mango

While easy to type, all lowercase passwords are extremely weak because the password search space is small. There are only 26 possible letters to choose from compared to uppercase, numbers, and symbols.

According to Security.org‘s password strength checker, an all lowercase 7 character password would take less than 1 second to crack. Adding just one uppercase letter increases the crack time to 2 hours.

What Are Uppercase Passwords?

An uppercase password contains only capital letters, like "APPLE."

The uppercase alphabet also has 26 possible letters:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

So if you‘re required to use uppercase letters, these are the options to pick from.

Some examples of all uppercase passwords:

  • APPLE
  • BANANA
  • ORANGE
  • MANGO

Uppercase passwords are stronger than lowercase, but still easy to crack. An all caps 7 letter password could be cracked in under 1 minute.

For the strongest protection, platforms require you to mix cases by using both lowercase and uppercase letters.

Why Mix Lowercase and Uppercase Letters?

Requiring a mix of lowercase and uppercase letters is one of the most common password policies. There are several important reasons platforms enforce this rule:

  • Greatly expands the password search space – Adding just one uppercase letter doubles the possible letter combinations. This makes brute force cracking exponentially harder.

  • Prevents weak dictionary passwords – All lowercase passwords like "apple" or "banana" are extremely easy to crack. Mixing cases thwarts simple dictionary attacks.

  • Forces users to create better passwords – It‘s easy to just type a simple word or your name in lowercase. Requiring uppercase letters pushes users to put more thought into their credentials.

  • Defends against precomputed hash attacks – Rainbow table attacks compare password hashes to a database of precomputed hashes. Mixing cases helps defeat this method.

  • Minimal effort for users – Adding one uppercase letter during password creation takes little extra effort. But it provides outsized security improvements.

Let‘s look at some examples of how a mixed case password drastically improves strength.

Password Crack Time
apple Less than 1 second
APPLE Less than 1 minute
AppLe 2 hours

As you can see, just inserting one uppercase letter takes crack time from nearly instant to over 2 hours!

Adding additional uppercase letters, numbers, and symbols can further enhance complexity. But the enormous gain from one uppercase letter shows why this simple policy is ubiquitous.

Examples of Mixed Case Passwords

When you‘re required to mix lowercase and uppercase letters, here are some tips:

  • Use a minimum of one uppercase letter, but more is okay.
  • Only capitalize the first letter or scatter uppercase letters if needed.
  • Focus on memorable words or phrases instead of random letters.

Here are some examples of strong passwords with mixed cases:

  • AppLePie
  • BanAnaBread
  • oRanGeJuice
  • spEarMint
  • pinEapple
  • peAchYogurt
  • draGonFruit

Chaotically capitalizing every other letter generally makes passwords harder to remember, without much added security. For example, aPpLePiE is only slightly stronger than AppLePie but far less memorable.

A good rule of thumb is less is more when it comes to uppercase letters. Prioritize memorability with only the minimum uppercase needed to meet requirements.

Mixing Other Character Types

For even greater strength, sites may require you to mix additional character types like:

  • Numbers – Such as "AppLePie59"
  • Symbols – Such as "oRanGe#Juice"

The more types mixed, the larger the password search space becomes. But again, focus on usability and convenience as well. A 12 character password with uppercase, lowercase, numbers and symbols may be overkill for low value accounts.

Match the password strength to the sensitivity of the data protected. For example, your online banking credentials warrant much more complexity than a forum login.

Should You Use a Password Manager?

Creating and remembering hard-to-crack passwords for every account is an enormous challenge. That‘s why using a dedicated password manager makes sense for most people.

Password manager benefits include:

  • Automatically generates strong, random passwords for each account.
  • Securely stores all your credentials in one encrypted vault.
  • Helps create unique passwords for every site and app.
  • Syncs passwords across all your devices.
  • Auto-fills passwords so you don‘t have to remember them.

Top password managers like LastPass, 1Password, and Dashlane have free and premium options available. The premium tiers add features like shared password vaults and emergency access.

Summary

Lowercase passwords contain small capital letters while uppercase passwords use capital letters. Most online platforms require using both cases in passwords to thwart simple dictionary attacks.

Adding just one uppercase letter doubles the possible letter combinations, taking crack time from nearly instant to over 2 hours for a 7 letter password. This enormous gain highlights why mixed case passwords are ubiquitous.

Prioritize usability and convenience when mixing cases in your credentials. Focus on memorable words or phrases with the minimum uppercase needed to meet requirements.

Using a dedicated password manager is also highly recommended to generate, store and auto-fill strong passwords for all your online accounts. Follow these tips to easily create passwords that include both lowercase and uppercase letters. Your accounts will remain secure while minimizing memory burden.

AlexisKestler

Written by Alexis Kestler

A female web designer and programmer - Now is a 36-year IT professional with over 15 years of experience living in NorCal. I enjoy keeping my feet wet in the world of technology through reading, working, and researching topics that pique my interest.