How to Create Strong Passwords

Protecting your accounts online is no easy task, and as our number of accounts grows, it’s crucial to find ways to keep your information safe. Creating strong passwords boosts your security online and helps protect your online accounts. Read below to learn how to create a strong password, find examples of strong passwords, and understand how using a password manager can help you protect yourself online.

What is a strong password?

A strong password should be secure enough to withstand online attacks and hacking incidents. Therefore, your password should meet the following requirements:

  • Be at least 12-14 characters long
  • Contain numbers, symbols, uppercase letters, and lowercase letters
  • Only be used once
  • Be free of personal information like birthdays, anniversary dates, pets’ names, or other known information

It might seem harmless to use your child’s birth date or pet’s name as a password. But the reality is that this information is much more accessible than we’d like to think, making passwords with this data easy to guess. Friends, strangers, and even hackers can find this kind of data through social media accounts and Google searches. Using this information as your passwords makes the password more vulnerable.

Make sure your passwords are long; 12-14 is the minimum length for a secure password, but more than 20 characters is ideal. The longer the password is, the stronger it is.

Five ways to create strong passwords

If you have a hard time coming up with your own passwords, try one of these five methods.

Use a password generator

Using a strong, random password generator is the best method for creating passwords if you struggle to create them on your own. Go to the Password Generator Tool and set your password parameters; you can customize the length, type of letter, and whether or not symbols and numbers are included. The password generator will create a strong, random password for you to use on your account.

You can use the tool to generate as many passwords as you need. For best results, select lowercase letters, uppercase letters, symbols, and numbers to be in your password.

Use random dictionary words

In general, it’s a good rule of thumb to avoid common words in a password. For example, ‘I love cats’ would be a weak password because it uses everyday words in a cohesive sentence. However, using random words can create a password that’s quite secure.

Using four or five words that mean absolutely nothing – like ‘Chicago beans Winner Left!’ – creates a strong password. According to the password strength test, that password would take most types of attacks centuries to crack; even in an online attack with fast hashing, it would take 91 years.

If you use this method, make sure that:

  • The password is at least three words and 12 characters long.
  • The words have no natural flow or cohesion to them.
  • You separate the words with spaces or dashes.
  • You include special characters.

The arbitrary nature of the words you choose, combined with spaces, dashes, numbers, and special characters, can create a strong password that’s easy to remember.

Create a passphrase or acronym

This is one of the most common methods for creating a strong password, but it’s one of the best. Using an acronym makes a password easy to remember. However, it still makes it hard to guess for hackers or anyone trying to access your account.

Take a phrase, like ‘This password for Google keeps me safe,’ and take the first letter or few letters from each. Add special characters, numbers, and capitalizations to create '23@TpfGkms@fe!24!25!'. This password would take centuries to crack in any online attack according to the password strength test.

If you use this method, make sure that:

  • The password is at least 12 characters long.
  • You intersperse uppercase and lowercase letters.
  • You include special characters.
  • The password is not based on a common expression or saying.

Make sure that you vary your phrase if you use this method for multiple passwords. Don’t just substitute a letter or number; try to come up with a new passphrase or acronym for each password to make them all strong.

Use symbols in place of letters                

You may have seen this method before, with a password like 'pa$$w0rd'. Since technology has evolved, that password is no longer secure; it’s a dictionary word, with simple substitutions for letters. However, that same principle can be used to make stronger, more secure passwords.

Pick a phrase and substitute symbols or numbers in place of letters. Include other special characters and numbers at the end, and you have a secure password. Whereas 'pa$$w0rd' takes only one hour to crack, '@k33py0urp@$$wordssafe!723!' takes centuries.

If you use this method, make sure that:

  • The password is at least 12 characters long.
  • You use a phrase of more than three words.
  • You add additional numbers and special characters in the password and at the end of the password.

If you remember what substitutions you made, these passwords are also able to be remembered. However, if you struggle with remembering your passwords, you might want to try the final method instead – using a password manager.

Use a password manager

Password managers are a great option for those who struggle to remember all the passwords they use. Password managers work as a sort of vault to store all your login information for pre-existing accounts. You only need to remember a master password for the password manager; it will take care of the rest. This makes it easier to remember your logins, but just as secure.

However, password managers don’t just store passwords. Many have an autofill option, which allows you to create unique passwords with random characters without having to develop them yourself. Roboform and LastPass are two great options for reliable password managers, and Google users also have Google’s password manager available for use.

If you struggle to come up with secure passwords and then have difficulty remembering them, try a password manager.

How long should my passwords be?

Browser window open with login window requiring username and password - we suggest the use of strong passwords

Most experts recommend that passwords be at least 12 to 16 characters long, as mentioned above. We recommend at least 20 characters. Besides that, there are no length requirements for passwords in general.

The longer a password is, the more secure it will be. However, keep in mind that some websites may have password length limits or requirements; what works for one account might not work for another.

How to check your password strength

If you already have passwords set up for your accounts, but you’re not sure how strong they are, use the password strength test tool on our site.

It tells you how long it would take to crack your password in several different types of online attacks. It provides additional helpful information like how common your password is as well. The tool provides tips for changing your password to make it stronger.

If you find that your password is weak or easily guessed, try some of the tips and methods in this article to create stronger, more secure passwords.

How to keep your passwords secure

Passwords help secure your account, but you need to make sure you’re protecting your passwords, too. Keep these password protection tips in mind.

  • Don’t store passwords in your browser. Though it’s tempting to save them to your browser, doing so means anyone who uses your browser could potentially access them.
  • Don’t share your passwords via message or email. You shouldn’t share your passwords at all, but if you do need to tell a trusted individual your login, don’t do it digitally. If the message gets intercepted or hacked, your passwords are at risk.
  • Use a VPN when browsing the web. Using a VPN, especially on free or vulnerable networks, will help prevent others on the network from intercepting your login credentials.
  • Use a strong antivirus software program. Antivirus software protects you against hackers and malware, so it helps secure your passwords against attacks.

Why are strong passwords important?

Passwords are your first defense against hackers, cybercriminals, and other online threats. The stronger your password is, the more protected you’ll be – not just online, but in real life, too. Having your bank account hacked because someone guessed the password means that you’ll lose money.

If someone gets ahold of the right accounts, you could have your identity stolen. Your online safety is important, and passwords are perhaps one of the most integral parts of maintaining it.

Make sure you’re using unique, random passwords for every login, whether it be for a social media account, credit card account, bank account, or online shopping account. While certain accounts may need to be more secure than others – like your email address and banking accounts – don’t underestimate hackers’ ability to get information from lesser accounts. Establish email encryption protocols and secure your bank accounts. Set up security questions and two-factor authentication where possible to avoid data breaches. Never share your passwords, and keep both your usernames and passwords somewhere secure.