Everyone has sensitive data stored on online accounts that require unbreakable protection. However, most web users opt for easy and memorable account credentials, which are a far cry from truly strong passwords. Furthermore, many assume that the best password in a given situation is inconvenient and difficult to memorize.
Luckily, there are many ways and ideas to create strong passwords, such as using a unique password generator tool. Here, we’ll walk you through our tips and tricks for choosing and setting up strong, hard-to-guess passwords for your online accounts.
And, we’ll share some of our favorite methods for keeping your passwords safe and ways of ensuring you don’t have to hit the “Forgotten password” link ever again.
What is a strong password?
A strong password is one you can’t guess or crack using a brute force attack. Hackers use computers to try various combinations of letters, numbers, and symbols in search of the correct password. Modern computers can crack short passwords consisting of only letters and numbers in mere moments. That means progress in the technological sphere leads to improvements in malicious hacker’s arsenals, too.
As such, strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols, such as punctuation. They should be at least 12 characters long, although we recommend making them even lengthier.
Overall, here are the main characteristics of a good, secure password:
- Is at least 12 characters long. The longer your password is - the better.
- Uses uppercase and lowercase letters, numbers and special symbols. Passwords that consist of mixed characters are harder to crack.
- Doesn't contain memorable keyboard paths.
- Is not based on your personal information.
- Passwords are unique for each account you have.
When you’re setting up an online account, there’ll often be prompts reminding you to include numbers or a certain number of characters. Some may even prevent you from setting a “weak password”, which is usually one word or number combination that’s easy to guess.
But even if you aren’t reminded to set a strong password, it’s imperative to do so whenever you’re setting up a new online account or changing passwords for any existing account.
How to create a strong password?
A long password is a good password
When it comes to password security, length is critical. We recommend opting for a password that’s at least 12 characters long, even longer if you can.
Each additional symbol in a password exponentially increases the number of possible combinations. This makes passwords over a certain length essentially uncrackable, assuming you’re not using common phrases.
A strong password isn’t obvious
A good password needs to be something difficult for outsiders to guess or crack, so don’t go for anything generic, like “password” or “12345”. These two are also among the most popular passwords in the world, making them terrible password choices.
Another popular, low-effort, and ineffective password category is sequential keyboard paths. The most popular example is “qwerty,” although other options exist. These are exceptionally weak and should be avoided at all costs.
Strong passwords do not have personal information
It’s vital that you don’t include personal information in your password, like a nickname, date of birth, or pet’s name. This information is easy for hackers to find simply by looking at your social media, finding your online work profile, or by listening in on a conversation you’re having with someone else.
A good password is unique
Once you’ve created a strong password, you might be tempted to use it for all your online accounts. But, if you do that, it leaves you more vulnerable to multiple attacks.
After all, if a hacker manages to discover your password, they’ll be able to log in to every account that uses that password, which might include your emails, social media, and work accounts. Therefore, you must create a unique password for every account you own. While tedious, this practice is a critical part of proper cybersecurity hygiene.
Another crucial feature of unique passwords is that they aren’t recycled. If an old account’s credentials leak, hackers will add its password to a database of potential options to test while hacking into other accounts. Thus, using an old and “reliable” password could be your demise.
Strong passwords use special characters
Although using special characters in your passwords is an excellent way of making them extra secure, not all online services allow using any symbol you like. But most will permit the following:
Special characters are an excellent way to add randomness and unpredictability to your login credentials, thus making them stronger against brute-force attacks. There are no rules you should follow for maximum effect; just include a few special characters wherever you see fit to create the best password for your needs.
Strong password examples
Below are a few examples of good, strong passwords. As you can see, they are pretty random and meaningless at first glance. While this makes them hard to memorize, they're also much more challenging for malicious hackers to crack.
They consist of a seemingly random and long (more than 15 characters) collection of uppercase and lowercase letters, numbers, and special characters. These passwords are not generic and don't contain any memorable keypaths or personal information which hackers could use.
Best ideas for creating a good password
There are numerous tools you can employ to create unique and strong passwords for each of your online accounts. We have a ready-made password generator tool that generates unique and almost impossible to crack passwords. Alternatively, you should follow our top tips and ideas on how to set up a good password:
1. Use a password generator
If you don’t have time to come up with your passwords, a password generator is the perfect tool that can suggest a strong password quickly and easily. Our in-house secure password generator will create a sequence of random characters. Copy and use it as a password for your device, email, social media account, or anything else that requires private access.
Some password creation tools also include hints on how to remember a particular password. For example, the output:
Is accompanied by the following clue:
KOREAN 4 korean ' FRUIT @ FRUIT # > visa _ [ 2 . zip >
This is a good approach for remembering strong passwords you don’t want to store on password managers for whatever reason.
Top-notch password managers also include secure password generators. For example, 1Password can help you create unique and unbreakable passwords as well as passphrases.Get 1Password
2. Create a strong passphrase rather than a password
Passphrases are much more secure than passwords because they’re typically longer, making them more challenging to guess or brute force. So, instead of choosing a word, pick a phrase and take the first letters, numbers, and punctuation from that phrase to generate a seemingly random combination of characters.
You can even substitute various letters of a word with numbers or symbols to make the password more unpredictable and, thus, more secure. Or, try swapping out words for punctuation like we used to back in the days of text slang, if you can remember that far.
There are no specific rules on how to create a strong passphrase because everyone’s preferences vary. Ideally, it should be something unique only you could come up with and remember. Here are some examples of how you can use the passphrase method to create strong passwords:
|I first went to Disneyland when I was 4 years old and it made me happy||I1stw2DLwIw8yrs&immJ|
|My friend Matt ate six doughnuts at the bakery café and it cost him £10||MfMa6d@tbc&ich£10|
|For the first time ever, Manchester United lost 5:0 to Manchester City||4da1sttymevaMU5:02MC|
Note: don’t use common phrases, because these are vulnerable to dictionary attacks – random combinations are what you want.
3. Opt for a more secure version of dictionary method
A popular method for choosing a password is to open a dictionary or book and choose a random word. But, as random as it may seem to you, a single word is actually quite easy for a hacker to guess.
So rather than opting for just one word from the dictionary, choose a few and string them together along with numbers and symbols to make it much trickier for someone to figure out.
Here are some examples of good password ideas created with this method:
|Words from the dictionary||Secure password|
|Jigsaw, quest, trait, fork||Jigsaw%Quest7trait/fork48|
|Glimpse, stuff, prize, koala||G1impse$tuff74Prize8Koala!|
|Trombone, fish, quick, upside||Tr0mb0ne&Fish?Qu1ck^side|
4. Play around with phrases and quotes
If you want a password that’s difficult for others to guess, but easy for you to remember, it can be a good idea to use a variation on a meaningful phrase or quote. Simply take a phrase you’ll remember and swap out some of the letters for numbers and symbols.
Here are some examples of strong password ideas generated with this method:
|Quote or phrase||Secure password|
|“One for all and all for one”: The Three Musketeers||14A&A413Mu$keteers!|
|“For the first time in forever”: Disney’s Frozen||4da1stTymein4eva-Frozen|
|“Twinkle twinkle little star, how I wonder what you are”: nursery rhyme||TW1nkle7ittle*how1??UR|
5. Use emoticons
If you want to add symbols to your passwords without making them harder to remember, you can always use emoticons.
Although you won’t be able to add in emoji, you can use emoticons, which are the coded versions, usually made up of punctuation, letters and/or numbers.
Here are some emoticons that you can use in your passwords:
6. Customize your passwords for specific accounts
Once you’ve come up with a strong password that you can remember, you’ll still have to create different passwords for each of your online accounts. But, rather than starting the whole process again, you could simply add a different code into your password for each online account.
So, for example, if your password was cHb1%pXAuFP8 and you wanted to make it unique for your eBay account, you could add £bay on the end so you know it’s different to your original password but still memorable.
Here’s how that could work:
|Online account||Password with added code|
7. Commit your password to muscle memory
If you want to remember your password, it can be a good idea to practice typing it several times over. Eventually, if you type it correctly enough times, you’ll develop a muscle memory that’ll mean it’s much easier for you to remember.
However, it's quite a challenge to remember at least a dozen of long and unique passwords of all your accounts. So, this technique is only applicable with short, 4 or 6 digit passwords that you use to unlock your device or your password manager.
How to keep your passwords safe
Now that you’ve set up a strong password for each of your online accounts, the next step is to keep them safe and secure from hackers.
Here are some of our top tips on how to do that:
1. Choose a good password manager
Whether you’ve generated your own strong passwords or you’re looking for an online service to do it for you, we strongly recommend using a good password manager. A secure password manager generates, stores and manages all your passwords in one safe online account. This is really useful because it allows you to use as many unique passwords as you like without ever having to worry about memorising them.
All you need to do is save all your passwords for every online account you have on your password manager and then protect them with one “master password”. This means you only have to remember one strong password as opposed to every single one.
Once you’ve got your password manager set up, whenever you go to login to one of your online accounts, you simply type your master password into your password manager and it’ll auto-fill in your login details for this account. You don’t even need to remember which email address or username you used. A secure password manager will fill all this in for you. Here are some of the best password managers in 2023.
It may seem insecure to keep all your passwords in one place. However, a reliable password manager like 1Password is the most secure place to store your credentials. Providers never keep your vault's master password, so hackers cannot steal it even if they breach the database.Get 1Password
2. Use two-factor authentication
Even if someone does manage to steal your password, you can still prevent them from accessing your account by adding in an additional layer of security with two-factor authentication (2FA). This means that anyone trying to login to your account will have to enter a second piece of information after the correct password. This is usually a one-time code that’ll be sent directly to you.
Sometimes this will be sent to you via text message, although this isn’t necessarily the most secure way of receiving that code. After all, a hacker could steal your mobile number through SIM swap fraud and access your verification code.
We’ve found it’s much safer to use a two-factor authentication app instead, as they’re much trickier to intercept. Our favourites include:
- Google Authenticator
- Microsoft Authenticator
3. Don’t save your passwords on your phone, tablet or PC
This may sound obvious, but you must avoid saving passwords in a document, email, online note, or anything else that outsiders can view without authorization. Naturally, this applies both to digital and physical files and notes. Even password-protected zip files aren’t viable because they employ relatively weak encryption. In short, the only suitable digital vault is a high-quality password manager.
4. Check if your email has been leaked
Of course, it’s essential t to keep on top of any data breaches that may have occurred, particularly with your email account.
But how do you know if your email has been leaked? Well, we have an online personal data leak checker, which will let you know if anything like this has happened to your email account. All you need to do is enter your email address, and we’ll be able to tell you if anything has happened to it.
5. Don’t give out your password
Last but not least, it’s crucial to keep your passwords private. Even if you completely trust the person you’re giving your password to, it’s risky to send a password via text message or email in case anyone intercepts it. Even if all you’re doing is reading it out over the phone or spelling it out to the person sitting next to you, there could be someone listening in and making notes.
Conclusion: how do I make all my passwords hacker-proof?
Passwords are like the lock on your apartment door – they're the one thing criminals have to go through if you're not home. Having a weak password is like a weak lock. It greatly increases the number of people who have the means to access your accounts.
Using all the tricks in this article to create strong, memorable passwords is a good place to start increasing your security. Alternatively, get a strong password manager like 1Password and generate all your passwords automatically - that way, you won't have to remember any of them.
Whichever course you decide to take, don't put it off! Data leaks and breaches happen every day, and the next one could have your password in it.
Best password manager deals this week:
Which password would be a strong password?
A password must fulfill a few criteria to be considered strong. For starters, it needs to be lengthy, somewhere between 12 and 16 characters. Secondly, it should consist of a combination of uppercase and lowercase letters, symbols, and numbers. Finally, it should be unique and impossible to guess rather than something obvious.
What are the top 10 passwords?
The top 10 most popular passwords as of 2023 are 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, and 1234567890. Using these while creating any online account is arguably the worst thing you can do regarding cybersecurity. Use a strong password generator and password manager instead.