How to create a strong password in 2025
We perform independent tests and thoroughly analyze password management services to find the best options for customers to store online credentials and other sensitive information.
We prioritize full transparency, which is why we provide detailed descriptions of our in-house testing procedures and methodologies.
Learn more
Your passwords are the keys to your digital life. Despite countless warnings, many people still rely on weak, predictable passwords, since stronger ones are too complicated to remember. This misconception leaves accounts exposed to cyberthreats.
The truth is, you can have both security and convenience. With the right approach, creating a strong, unique password is easier than you think. With a password manager you can enhance your online security without the headache of forgetting your login details.
In this guide, I’ll uncover the biggest password mistakes people make and show you how to craft unbreakable passwords effortlessly. Because staying safe online shouldn’t be a struggle.
What is a strong password?
A strong password is one you can’t guess or crack using a brute force attack. Progress in the technological sphere leads to improvements in malicious hacker’s arsenal too. Therefore, strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols, such as punctuation. They should be at least 12 characters long or even longer.
Here are the main characteristics of a secure and strong password:
- At least 12 characters long or more
- Combination of uppercase and lowercase letters, numbers, and symbols
- Not a familiar name, person, character, or product
- Is not based on your personal information
- Passwords are unique for each account you have
- Significantly different from your previously used passwords
When you’re setting up an online account, there’ll often be prompts reminding you to include numbers or a certain number of characters. Some may even prevent you from setting a weak password, which is usually one word or number combination that’s easy to guess.
But even if you aren’t reminded to set a strong password, it’s imperative to do so whenever you’re setting up a new online account or changing passwords for any existing account.
How to create a strong password – 6 steps
There are numerous tools you can employ to create unique and strong passwords for all of your online accounts. The Cybernews team made password generator that generates unique and complex passwords. Here are the basic rules of creating a strong password.
1. Use a password generator for strong passwords
If you don’t have time to come up with your passwords, a password generator is the perfect tool that can suggest a strong password quickly. Our in-house secure password generator will create a sequence of random characters. Copy and use it as a password for your device, email, social media account, or anything else that requires private access.
Some password creation tools also include hints on how to remember a particular password. For example, the output:
K4k'F@F#>v_[2.z>
Is accompanied by the following clue:
KOREAN 4 korean ' FRUIT @ FRUIT # > visa _ [ 2 . zip >
Alternatively, many reliable password managers, such as NordPass, also include password generators, so you can get a two-in-one service, which can help to not only generate passwords but keep them secure, too.
2. Create a strong passphrase
Passphrases are much more secure than passwords because they’re typically longer, making them more challenging to guess or brute force. Most importantly, you can actually remember them. So, instead of choosing a word, pick a phrase and take the first letters, numbers, and punctuation from that phrase to make a good password.
There are no specific rules on how to create a strong passphrase because everyone’s preferences vary. Ideally, it should be something unique only you could come up with and remember. Here are some examples of how you can use the passphrase method to create strong passwords:
| Phrase | Password |
| I first went to Disneyland when I was 4 years old and it made me happy | I1stw2DLwIw8yrs&immJ |
| My friend Matt ate six doughnuts at the bakery café and it cost him £10 | MfMa6d@tbc&ich£10 |
| For the first time ever, Manchester United lost 5:0 to Manchester City | 4da1sttymevaMU5:02MC |
Note: Don’t use common phrases, because these are vulnerable to dictionary attacks. Create random combinations that can't be guessed.
3. Opt for a more secure version of the dictionary method
A popular method for choosing a password is to open a dictionary or book and choose a random word. However, a single word is quite easy for a threat actor to guess, so it is best to choose a few words and string them together with numbers and symbols to make a strong password.
Here are some examples of good password ideas created with this method:
| Words from the dictionary | Secure password |
| Jigsaw, quest, trait, fork | Jigsaw%Quest7trait/fork48 |
| Glimpse, stuff, prize, koala | G1impse$tuff74Prize8Koala! |
| Trombone, fish, quick, upside | Tr0mb0ne&Fish?Qu1ck^side |
4. Play around with phrases and quotes
If you want a password that’s difficult for others to guess, but easy for you to remember, it can be a good idea to use a variation on a meaningful phrase or quote. Simply take a phrase you’ll remember and swap out some of the letters for numbers and symbols.
Here are some examples of strong password ideas generated with this method.
| Quote or phrase | Secure password |
| “One for all and all for one”: The Three Musketeers | 14A&A413Mu$keteers! |
| “For the first time in forever”: Disney’s Frozen | 4da1stTymein4eva-Frozen |
| “Twinkle twinkle little star, how I wonder what you are”: nursery rhyme | TW1nkle7ittle*how1??UR |
5. Use emoticons
If you want to add symbols to your passwords without making them harder to remember, you can always use emoticons.
Although you won’t be able to add in emojis, you can use emoticons, which are coded versions, usually made up of punctuation, letters, and/or numbers.
Here are some emoticons that you can use in your passwords.
6. Customize your passwords for specific accounts
Once you’ve come up with a strong password that you can remember, you’ll still have to create different passwords for each of your online accounts. But, rather than starting the whole process again, you could simply add a different code to your password for each online account.
So, for example, if your password was cHb1%pXAuFP8 and you wanted to make it unique for your eBay account, you could add £bay on the end so you know it’s different from your original password but still memorable.
Here’s how that could work.
| Online account | Password with added code |
| cHb1%pXAuFP8EMa1l | |
| Amazon | cHb1%pXAuFP8AZN |
| eBay | cHb1%pXAuFP8£Bay |
Since all of the passwords are very similar, this is not an ideal solution, as it leaves your accounts vulnerable in case one of the passwords is guessed.
Strong password examples
Here are 4 really strong password examples:
- X5j13$#eCM1cG@Kdc
- %j8kr^Zfpr!Kf#ZjnGb$
- PkxgbEM%@hdBnub4T
- vUUN7E@!2v5TtJSyZ
As you can see, these passwords are pretty random and meaningless at first glance. While this makes them hard to memorize, they're also much more challenging for malicious hackers to crack. These passwords are strong because they are 15 characters long or even longer. Generally, all characters are in random order and contain both uppercase and lowercase letters and special characters, as well as numbers. They also don’t have any memorable keypaths or personal information that could help identify the password quicker.
How to keep your strong passwords secure
Now that you’ve set up a strong password for each of your online accounts, the next step is to keep them safe and secure from hackers or other cyberthreats. Here are some of our top tips for password safety:
- Choose a secure password manager. Use a reputable password manager to generate and store complex passwords securely. Password managers encrypt your passwords and store them in a secure vault, providing easy access when needed.
- Enable two-factor authentication. Implement two-factor authentication (2FA) whenever possible. This adds an extra layer of security by requiring a second form of verification.
- Don’t save your passwords locally. Avoid saving passwords in browsers or locally on your devices. If your device is lost or compromised, locally saved passwords can be easily accessed by unauthorized individuals.
- Check if your email has been leaked. Regularly check if your email address has been involved in any data breaches. If your email is compromised, change your password immediately and update it across other accounts.
- Do not reuse passwords. Avoid using the same or similar password across multiple accounts. If one account is compromised, using unique passwords ensures that other accounts remain secure.
- Avoid personal information. Refrain from using easily accessible personal information such as your name, birthdate, or common words related to you. Hackers often use information readily available online to guess passwords.
The impact of data breaches on password security
Data breaches can expose sensitive information, including usernames, passwords, and other personal details. Even if you use strong, unique passwords, a breach of a service or website you use may lead to your credentials being stolen and exploited by cybercriminals. If your information is exposed in a breach, it’s critical to change your password immediately, not only on that service but across any other accounts where you may have reused the same password.
Many online platforms offer services that notify you when your data has been breached, which makes it easier for you to act quickly and mitigate damage. For maximum security, monitor your accounts regularly and be proactive about updating passwords when necessary.
You can also sign up for services like Have I Been Pwned to receive notifications if your email or account is found in a data breach. This allows you to take swift action and minimize any potential damage to your online security.
Conclusion
Passwords are like the lock on your apartment door – they're the one thing criminals have to go through if you're not home. Having a weak password is like a weak lock. It greatly increases the number of people who have the means to access your accounts.
Make sure to create long (at least 12 characters) and unique (mixture of uppercase and lowercase letters, numbers, and special characters) to secure your online accounts. Since these type of password are impossible to remember, get a strong password manager like NordPass or 1Password. They will store your passwords in a highly secure vault and autofill your login details whenever you try to log in.
FAQ
How to create a strong password?
To create a strong password, use more than 10 characters, a mix of uppercase and lowercase letters, numbers, and symbols. Ditch dictionary words, names, or personal info. Use phrases you can twist (like song lyrics with numbers and symbols). I also suggest using different passwords for each account. Password generators and reliable password managers can help, too.
What is a strong password example?
An example of a strong password would be !nsideMy#C4stle0fC0des. In this complex password, "C4stle" references a hobby, and "0fC0des" adds complexity. To make your password strong, make them long enough (at least 10 characters), use unique, memorable words, and avoid personal info.
What is a good 8-character password?
A good 8-character password should consist of a mix of uppercase and lowercase letters, numbers, and special symbols like %$!. However, I recommend creating a password that's at least 12 characters.
Which password would be a strong password?
A password must fulfill a few criteria to be considered strong. For starters, it needs to be lengthy, at least 12 characters. Secondly, it should consist of a combination of uppercase and lowercase letters, symbols, and numbers. Finally, it should be unique and impossible to guess rather than something obvious.
What are the top 10 passwords?
The top 10 most popular passwords as of 2024 are 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, and 1234567890. Using these while creating any online account is arguably the worst thing you can do regarding cybersecurity. Use a strong password generator and password manager instead.
Your email address will not be published. Required fields are markedmarked