Passwords

How to Create Strong Passwords

  • Reading Time: 3 mins
  • Source: The SecDev Foundation
  • Last Update: September 17, 2021
  • Type: How-To
Illustration of a man with strong arms lifting up a big key.

Our personal and professional lives increasingly revolve around online accounts. Email, social media, file sharing, messaging, video watching, banking, shopping, backing up data – all of these services require users to have accounts. So you probably have dozens of various accounts to remember and keep safe.

Passwords are your first line of defense against anyone who would like to steal these accounts, spy on you, or use your data or documents accessed through these accounts for criminal purposes.

You need strong passwords

Not all passwords are equally good at protecting accounts. Hundreds of millions of users around the world still use passwords that are very easy to guess or hack. Gone are the days when passwords were cracked by supersmart hackers with years of experience and unique skills and tools. Today most passwords are hacked through widely available software that tries different combinations of known words and characters until it finds the one that works. This method of cracking a password is known as brute force attack.

So in order to protect your accounts and information in them, you need to protect them with strong passwords, that is, passwords that are very difficult to crack. In practice, this means using passwords that are so complex that cracking them with brute force tools will require too much time for anyone to even consider.

Create a password that is hard to crack

  • Make it long
    This is the most critical factor. Use at least 12 characters, more if possible.
  • Mix characters
    The more you mix up upper-case and lower-case letters, numbers and symbols, the harder your password is to crack. Passwords made up of random characters are much stronger than those containing words. So, the password iLoVeYOu56&# is stronger than iloveyou9!, but a much more secure option would be iL3*Ov50&0Ey6824(2uO.
  • Don’t use memorable keyboard paths or obvious words
    Passwords like qwerty, 12345678, password123 and myemailpass are easiest to crack.
  • Avoid common substitutions
    Although character substitutions make passwords stronger, avoid the most common character substitutions. D00RB3LL is a slight improvement over DOORBELL but it is still very easy to crack. Include random characters instead.
  • Don’t use personal information
    If you are at risk of being specifically targeted for a password hack, the hacker will put everything they know about you in their guess attempts. This may include your dog’s name, the city you were born in, the sports team you are rooting for, your child’s name, your date of birth and so on.
  • Don’t reuse passwords
    Ideally all of your accounts and devices should have unique passwords. If someone steals or cracks a password to one of your accounts, they will try to hack into all other accounts you have by trying the stolen password and its modifications.

At this point, you might feel that having really strong passwords for each of your accounts is a bit too much. How will you remember all these passwords? Well, you only need to remember a single strong password. A password manager will do the rest for you.

Learn more

Digital Risks Icon Digital Risks Passwords Icon Passwords Devices Icon Devices Data Icon Data Conversations Icon Conversations Digital Identity Icon Digital Identity

This site is licensed as Creative Commons BY-NC-SA 4.0. Please read our attribution policy to learn about freely redistributing out work.