The password is the most basic element of online security separating your valuable data from those who wish to steal it, so it’s worth taking the time to make a secure password. In this article, we’ll show you how to create a strong password and store it securely in a password manager.
- Using the same password for every account is not secure even if it’s a strong password, because one compromised account will lead to the breach of every other.
- Memorable passwords using dictionary words or personal info may be convenient, but they are not always as secure as randomized ones created with a password generator tool.
- Use a password manager, like 1Password, for creating strong passwords and conveniently storing them.
- Strong passwords are often compromised when passwords are leaked online after a data breach, which is why you should change your password often.
It’s easy to get fatigued by the dozens or perhaps hundreds of online accounts one person can have at once. Using the same memorable password for everything is a common solution to this problem, but that makes it easy for cybercriminals to hijack your account. Keep reading for our tips on how to pick a strong password and how to manage them all.
05/01/2022 Facts checked
Rewrote the article and elaborated on good password practices.
An example of a unique and strong password created by a password generator is “JU4$4SX%su^N.” It’s twelve characters long, has no predictable pattern and contains a mixture of numbers, special characters and both uppercase and lowercase letters.
A strong password must be long, unique, have a random pattern and must be changed often.
6 Tips on How to Create a Strong Password
A strong password should be impossible to guess, and that means using a mixture of lowercase and capital letters, numbers and symbols. Passwords are stronger the longer they are and shouldn’t contain any intuitive patterns or memorable keyboard paths that can easily be guessed, like 123, ABC or QWERT.
It can be difficult to come up with a unique password for every account you own, and that’s where a password generator comes in. You can create a secure password right now using our very own password-generating tool.
Of course, it’s not practical to commit even one of these passwords to memory, let alone several. Password managers take away the need to remember multiple passwords by securely storing them in one place. The application is secured with a master password — the only password you need to remember.
There are dozens of good password manager services on the web, including free password managers. Our favorite password manager is 1Password (read our 1Password review), and our favorite free password manager option is Dashlane (read our Dashlane review).
1. The Longer, the Better
The longer a password is, the harder it is to guess or to crack with brute-force methods. A large part of password security comes down to the probability that it could be guessed.
Every character added to a password exponentially increases the number of potential combinations of available characters, so don’t settle for a simple password only a few characters long (most services set a minimum password length anyway). We suggest using at least 12 characters when creating strong passwords.
For example, a three-digit password consisting only of numbers would not be difficult for a cybercriminal to guess. There are only 1,000 total combinations of three digits from zero through nine, so someone with the right tools could launch a brute-force attack and try all the combinations within minutes.
2. Consider Passwords vs Passphrases
The terms passwords and passphrases are often used interchangeably, but passwords are a single word or string of characters, while passphrases are a sequence of discrete, multiple words.
Many favor passphrases because they are both long and easy to remember. Using the lyrics to a song is a common way to generate an easy-to-remember passphrase — however, passphrases are more secure when they use random words and avoid common words (to avoid a dictionary attack).
Longer passwords or passphrases are better than short ones, but length alone doesn’t guarantee security if it follows an intuitive pattern.
3. Random vs Patterns
Length alone isn’t enough — password strength requires an element of randomness. A long password with a predictable pattern won’t withstand hackers for long, so create a password with a pattern that can’t be easily guessed, including numbers, lowercase and uppercase letters, and add random characters when possible.
The best password managers also include password generators. LastPass is a great option because it can create a secure password on the spot and automatically fill it into your browser each time you sign into your account.
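The length, passphrase and randomness points from sections 1 to 3 can be put into numbers. The following is an added example, not code from this article or from any password manager: it generates a 12-character password and a random-word passphrase from the operating system's secure random source and compares their entropy. The function names, the constructed sample word list and the 7,776-word Diceware-style list size are assumptions made for the illustration.

```python
import math
import secrets
import string

# The four character types the article recommends mixing.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)          # 94 printable ASCII characters
DICEWARE_SIZE = 7776                 # assumed list size: Diceware-style, 6**5 words
# Constructed sample list so the block runs offline; far too small for real use.
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "dervish", "ember", "fjord",
                "gravel", "hammock", "inkwell", "juniper", "kettle", "lantern"]


def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy when each of `length` symbols is drawn uniformly from `choices`."""
    return length * math.log2(choices)


def generate_password(length: int = 12) -> str:
    """Password from the OS CSPRNG that contains every character type."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character type")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry instead of patching characters in, so every accepted
        # password stays equally likely (costs under one bit of entropy).
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(words: int, wordlist=SAMPLE_WORDS, sep: str = "-") -> str:
    """Passphrase of independently chosen random words (not a lyric or quote)."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Random words required to reach at least `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    print(f"3-digit PIN:        {entropy_bits(10, 3):5.1f} bits")
    print(f"12 random chars:    {entropy_bits(len(ALPHABET), 12):5.1f} bits")
    n = words_needed(entropy_bits(len(ALPHABET), 12), DICEWARE_SIZE)
    print(f"equivalent phrase:  {n} random words from {DICEWARE_SIZE}")
    print(generate_password(), generate_passphrase(n))
```

The entropy figures hold only when every character or word is chosen at random; a song lyric of the same length has far less because its words are not independent.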
4. Never Use the Same Password Twice
All of our suggestions so far have addressed the creation of a single password. A long and random password is a strong one indeed, but using the same password for multiple accounts means all of your accounts will be under a hacker’s control if someone manages to compromise it.
Strong passwords often fall into the wrong hands when an organization suffers a data breach. Professional cybercriminals launch social engineering campaigns or exploit vulnerabilities to leak login credentials onto the dark web where they are then sold to other cybercriminals.
Making a unique password for every account you have will mitigate the effects of data breaches, and you can use HaveIBeenPwned to find out if your credentials are exposed or not.
5. Create, Store and Monitor Passwords With Password Managers
Password managers do more than generate and store passwords. They can measure the strength of each individual password and give you the big picture on your overall security posture.
For example, password managers can detect reused passwords, autofill credentials into your browser and even monitor for passwords exposed in data breaches. The information password managers provide will help you form a large-scale strategy for making strong individual passwords that work together to form a collection of secure passwords.
6. Regularly Change Your Password
The longer you stick to a single password, the higher the chance it will be compromised. Regularly changing your password will throw off all but the most determined cybercriminals.
This measure is especially useful to protect your most sensitive data, such as your online banking credentials and the password for your primary email account. Just make sure to change your password to one that is just as strong as, if not stronger than, the passwords on your other accounts.
7. Use Two-Factor Authentication as Backup
Even the best passwords and login information can become compromised, which is why it’s important to enable two-factor authentication or multi-factor authentication on different accounts. That way if someone tries to log in with your password, you can get an automatic phone call, verification code or text message to verify it’s actually you.
What Makes a Weak Password?
Weak passwords are short, easy to guess, reused for multiple accounts and are never changed. Some classic examples include “123456” and “password” — they’re simply too obvious.
Any recognizable word presents a security risk since it’s a coherent pattern, unlike a random string of letters, numbers and special characters like “nJdR4&W*[email protected]”. Phrases made up of whole words also make for weak passwords, especially if the phrase follows an intuitive pattern, like the lyrics to a song.
You are likely using weak passwords if you use your name or part of your account’s email address or username. Passwords such as these will easily be compromised in a brute force attack.
The types of characters you use play a significant role in password security. Sticking to a single type of character — using all numbers, all lowercase characters, etc. — will keep things easy for attackers. The best strategy is to mix up lowercase and uppercase characters, numbers and special characters.
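The weak-password traits listed in this section can be checked mechanically, much as a password manager's strength report does. The following is an added example, not code from this article or from any product: the function names and finding labels are hypothetical, and the 12-character minimum, the two common passwords and the 123/ABC/QWERT patterns are taken from the article.

```python
import string

MIN_LENGTH = 12                       # minimum length the article suggests
COMMON = {"123456", "password"}       # the article's two classic examples
# Number, alphabet and keyboard-row runs (the article's 123, ABC, QWERT).
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop"]


def has_sequence(password: str, run: int = 3) -> bool:
    """True if the password contains `run` consecutive characters of a known sequence."""
    lowered = password.lower()
    return any(seq[i:i + run] in lowered
               for seq in SEQUENCES for i in range(len(seq) - run + 1))


def character_classes(password: str) -> int:
    """Count how many of lowercase, uppercase, digit and symbol appear."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)


def audit(password: str, username: str = "", email: str = "") -> list:
    """Return the weak-password traits this password shows (empty list if none)."""
    findings = []
    if password.lower() in COMMON:
        findings.append("common password")
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if character_classes(password) < 2:
        findings.append("single character type")
    if has_sequence(password):
        findings.append("predictable sequence")
    # Username and the part of the email address before the "@".
    personal = [p.lower() for p in (username, email.split("@")[0]) if len(p) >= 3]
    if any(p in password.lower() for p in personal):
        findings.append("contains personal info")
    return findings


def reused(vault: dict) -> list:
    """Groups of accounts that share one password, without echoing the password."""
    groups = {}
    for account, password in vault.items():
        groups.setdefault(password, []).append(account)
    return [sorted(accounts) for accounts in groups.values() if len(accounts) > 1]
```

An empty result means only that none of these specific traits was found; it does not show the password was randomly generated or that it is absent from breach data.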
The Best Password Managers for Strong Passwords
There are dozens of applications on the market that will help you create, protect and conveniently store your passwords. A good password manager will store your many hard-to-remember passwords in an encrypted vault and autofill them into your browser each time you need to log in to an online service.
Our favorite password manager is 1Password for its impeccable security and ease of use. Its pricing plans are especially well-suited to families, small businesses and anyone who needs to accommodate multiple users.
Dashlane does a lot more than just store passwords. It acts as a full security suite and includes features such as a free VPN and an antivirus solution. If you’re an individual user, Dashlane will give you more bang for your buck than 1Password.
Another simple but solid manager is Bitwarden, which is another free option (read our Bitwarden review). Bitwarden includes a wealth of features such as multi-device sync, unlimited storage, self-hosting and more. Its open-source code is publicly available for all to see, and has been audited for security by Cure53 with reassuring results.
You can get started making unique passwords right away using the principles we’ve covered here, but a password manager will take care of that for you. If you choose to use one, it will help with creating strong passwords and will conveniently store them for you, but if not, you now know how to make one yourself.
Beyond making strong passwords, you should learn how to securely store them. We have a comprehensive guide on how to store passwords with or without a password manager.
How do you like to create strong passwords? Do you make randomized strings of numbers and characters, or do you prefer to use passphrases? What is your favorite password manager? Let us know what you think in the comments section below, and as always, thanks for reading.