A tripcode is a hashed result of a password. Standard imageboard tripcodes can be cracked with consumer grade hardware and software.
Typically tripcodes are the result of only the first 8 characters of a password, meaning "ThisPass" would give you the same result as "ThisPassword".
Tripcodes are a product of the website they're run on, there is no guarantee that they're generated and displayed faithfully. An administrator of a website can easily make that website display any text where ever they like. Because of this it's very easy for an administrator to filter out a tripcode or even hijack a tripcode.
Canonical qposts (as judged by qmap.pub) don't always use contain a tripcode, as is the case with early 4chan posts. But also interestingly a few 8chan posts are also missing a tripcode. Notably qpost #334 has a name "!ITPb.qbhqo" which matches the tripcode being used at the time, but that text is in the name slot not the tripcode slot. It's unclear what kind of legitimate reason someone would have for naming themselves a tripcode instead of naming yourself Q and having your password generate the tripcode. Post #334 is also the debut of pen proofs.
See also: QAlert Scraper