Generate a Secure Password


What Is a Strong Password?

A strong password minimizes the risk of your account being compromised. While there are other important cybersecurity factors, developing stronger passwords is the easiest thing most people can do to make their information safer.

Passwords can be compromised in different ways. For example, even a perfectly secure password could become a vulnerability if it’s used on a website that experiences a data breach. While there’s no way to eliminate threats, a strong password guards against risks.


What Makes a Strong Password?

A strong password needs to meet several different conditions. You might think an account is safe if the website accepts it, but you must go above and beyond to create a secure password.

Longer passwords are more secure

Naturally, longer passwords are more secure than shorter ones. When Apple switched iOS PINs from four to six digits, the number of possible combinations went from 10,000 for four digits to 1,000,000 for six digits.

Computer passwords can include lowercase and capital letters and some special characters, so random guessing isn’t as practical in this case. Still, adding length to your passwords is always good as long as it can be remembered.

If you use conventional passwords, try to make each one at least 12 or 14 characters. However, passphrases like “pillars-breakfast-bonus-flooring” are usually easier to remember, even when they include 30 or more characters. We’ll cover passphrases below.

Passwords shouldn't be easy to guess

Length helps against a brute-force attack, but it won’t do as much to stop someone who already has a good idea of what your password might be. If your phone passcode is in mm/dd/yy format, everything on your phone is only as secure as your birthday.

Elements like birthdays, names of children and pets, and the word “password” won’t do much to keep you safe. Your password shouldn’t be anything that someone could guess based on other information about you.

Also, avoid seasonal passwords like “summer 2023” or “winter 2023.” These also appear high on the list of passwords that are easily guessed. If you already have any passwords like this, change them to something more secure as soon as possible.

Passwords should avoid common combinations

Along with personal information, easy keyboard paths are another problem that can make your passwords simpler to guess. Even though they add numbers, sequences like 123 don’t give you as much security as you think.

The NordPass list of the most common passwords starts with obvious combinations. The top 10 are:

  • password
  • 123456
  • 123456789
  • guest
  • qwerty
  • 12345678
  • 111111
  • 12345
  • col123456
  • 123123

Naturally, numerical sequences are some of the first things hackers test when trying to crack a password.

Passwords like those 10 are likely to be even less secure than ones with personal information. If your password involves something from your personal life, it’s at least secure from someone who doesn’t know anything about you. A password like 123456 could easily be cracked by anyone who cares enough to try.

Use a different password for each account

Many people use the same password for at least some of their accounts. A single password might be easier to remember, but it’s much more dangerous to lose.

Even if a password is secure, you don’t want it to be the only thing protecting all of your online accounts. If someone gets hold of your password, there’s a good chance they’ll keep trying it on other websites where you have an account.

Uniqueness is just as important as strength when it comes to creating passwords. Never reuse or duplicate passwords, particularly regarding bank accounts and social media accounts containing sensitive information.

Keeping track of so many unique passwords can be complicated if you don’t have the right software. Check out our list of the best password managers to safely track all your login credentials.

The concept behind password managers is that you can effectively create super-strong passwords for your online accounts. But you only have to remember one password that logs you into your password manager.

As long as you use strong password manager credentials plus additional security measures like multifactor authentication (MFA) and your phone’s biometrics, you have an extremely secure way of managing your passwords.

Change passwords when necessary

The longer a password is being used, the more likely it is to be cracked or stolen. You don’t have to worry about constantly changing your passwords, but it’s a good idea to refresh them at least once every 90 days. That’s especially important for bank accounts and other sensitive accounts.

Even if 90 days haven’t passed, change a password in any of these situations:

  • It is identical or similar to one of your other passwords
  • It is exposed in a data breach
  • You shared the password with someone, and don’t want them to use the account anymore
  • You used the password on a public Wi-Fi network or a public computer
  • You received a notification that someone tried to access your account

If you have 20 different online accounts, and you change the password for each one every three months, you’ll end up using a total of 80 unique passwords every year. This strategy typically leads to trouble remembering passwords and seamlessly accessing accounts.

Password managers streamline this process by creating strong passwords for you and syncing them across your devices.

Passwords should include special characters

Just as length makes a password more difficult for someone to guess, special characters expand the pool of potential passwords. Unless you choose passphrases instead of passwords, including special characters in each password is a good idea.

Most platforms accept common special characters like !, @, #, $, %, ^, &, *, (, ), and ?. Mix some into your passwords or use a password generator that automatically adds special characters.

Remember that simply adding numbers or special characters to the same base password won’t do much for your security. Don’t use sets of passwords like password1, password2, password3 — even though each is technically unique, it would be much better to use different passwords that don’t share any common elements.

Periodically ensure your password hasn't been compromised

There’s nothing that password strength can do if the password itself has already been compromised. It’s critical to avoid using passwords exposed in data breaches and published on the dark web.

Use the Have I Been Pwned tool to audit your new and existing passwords.
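How such an audit can run without revealing the password, as an added example (not code from this page or from Have I Been Pwned): the Pwned Passwords range API receives only the first five hex characters of the password's SHA-1 hash, and the match is done locally. The response body below is constructed, with made-up counts, so the sketch runs offline; the function names are assumptions.

```python
import hashlib

RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> tuple:
    """SHA-1 the password; return (5-char prefix that is sent, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password: str) -> str:
    """URL a client would GET. Only the hash prefix appears in it."""
    prefix, _ = split_hash(password)
    return RANGE_ENDPOINT + prefix


def breach_count(password: str, range_body: str) -> int:
    """Look for the local suffix in a range response ("SUFFIX:COUNT" per line).

    Returns the number of breach appearances, or 0 if the suffix is absent.
    """
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_range_body() -> str:
    """Constructed stand-in for the response to range_url("password")."""
    _, real_suffix = split_hash("password")
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",  # made-up entry
        real_suffix + ":9999999",                 # real suffix, made-up count
        "F" * 35 + ":0",                          # padding-style entry with count 0
    ])


if __name__ == "__main__":
    body = constructed_range_body()
    for pw in ("password", "dresser-fusion-quarter-tallest"):
        print(pw, "->", range_url(pw), "seen", breach_count(pw, body), "times")
```

A count above zero means the password has appeared in a breach corpus and should be replaced, however strong it looks.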

How Can You Create Strong Passwords?

Even if you know the requirements to make a strong password, you might not know the best way to start. Let’s look at some password management strategies that make creating and managing strong passwords easy.

Use a password generator

Password generators are a quick and reliable way to create secure passwords. Some generators allow you to select parameters, such as length, special characters, and whether you want a password or a passphrase.

Depending on your device and operating system, you may already have access to a built-in password generator. Alternatively, you can get a password generator with most top password managers, including some free ones.

Some people are apprehensive about using a password manager because they prefer remembering each password. However, as long as you use a service that syncs information in the cloud, you shouldn’t have trouble accessing your accounts on different devices.

Use a passphrase instead of a password

Some people recommend switching to passphrases instead of passwords. While a password could have any arrangement of characters, a passphrase comprises a string of several words. You can also include special characters between the words. For example, a secure passphrase could be something like dresser-fusion-quarter-tallest.

Passphrases can be easier to remember than passwords, and their length makes them much more resistant to brute-force attacks. However, they’re still subject to most of the same risks as passwords, so you don’t need to switch to passphrases if you’re more comfortable with conventional passwords.

If you decide to use passphrases, come up with a different passphrase for each website and avoid phrases that could be guessed easily.
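A sketch of what a password and passphrase generator does, as an added example (not the code behind this page's generator): both draw from a cryptographically secure random source, and the entropy estimate shows why length and pool size matter. The function names and the 16-word demo list are assumptions made for illustration.

```python
import math
import secrets
import string

# Symbols the article says most platforms accept.
SYMBOLS = "!@#$%^&*()?"

# Constructed demo list. A real generator draws from thousands of words
# (a 7,776-word diceware-style list gives about 12.9 bits per word).
DEMO_WORDS = ["pillars", "breakfast", "bonus", "flooring", "dresser", "fusion",
              "quarter", "tallest", "marble", "candle", "orbit", "velvet",
              "harbor", "pencil", "thunder", "walnut"]


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy when each of `picks` items is drawn uniformly from the pool."""
    return picks * math.log2(pool_size)


def generate_password(length: int = 14, use_symbols: bool = True) -> str:
    """Random password with at least one character from every enabled class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if use_symbols:
        classes.append(SYMBOLS)
    if length < len(classes):
        raise ValueError("length too short for the selected character classes")
    pool = "".join(classes)
    while True:  # redraw whole candidates so valid passwords stay equally likely
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def generate_passphrase(words: int = 4, wordlist=DEMO_WORDS, sep: str = "-") -> str:
    """Passphrase of independently chosen words, e.g. dresser-fusion-quarter-tallest."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    pool = 26 + 26 + 10 + len(SYMBOLS)
    print(generate_password(), f"about {entropy_bits(pool, 14):.0f} bits")
    print(generate_passphrase(), f"about {entropy_bits(len(DEMO_WORDS), 4):.0f} bits (demo list)")
    print(f"4-digit PIN {entropy_bits(10, 4):.1f} bits, 6-digit PIN {entropy_bits(10, 6):.1f} bits")
```

A passphrase's strength comes from the size of the word list and the random selection, not from its character count, which is why the 16-word demo list yields only 16 bits for four words.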

Use phrases or quotes

If you’re having trouble remembering random passphrases, you can switch to excerpts from books, phrases, or quotes more likely to stick in your mind. The advantage of this approach is that quotes are much harder for someone to guess than basic ideas like pet names and birthdays.

Something simple like “quick-brown-fox-jumped-over” should offer a high degree of security without being difficult to remember. You need to use a different quote for each unique password, so it still may not be practical to remember your login for every account.

If remembering passphrases or quotes is an issue, use a password manager instead of putting your information at risk. Duplicating a password just to make things easier to remember is never worth the risk to your security.

How Can You Keep Your Passwords Safe?

Use a password manager

A strong password minimizes the risk that someone guesses it. However, password strength won’t help you if someone finds out what it is. Never write down passwords on a piece of paper or in any digital application that isn’t secure.

The best place to write down passwords is in a reliable password manager. As long as you remember your password for the tool, you always have access to all your login credentials. Furthermore, password managers are much more secure and convenient than the old strategy of writing down passwords on paper.

Some password managers allow you to store other pieces of information, such as credit card numbers and personal notes, along with passwords. You may also be able to access additional features such as file storage and password sharing. Our list of the best password managers has more information.

Password policies

If you share files and information in your workflow, that data is only as secure as the weakest link on your team. Password policies are a good way to minimize vulnerability to cybersecurity threats at the organizational level.

A strong password policy could include basic requirements like length, special characters, and uniqueness. You could use a reliable organizational virtual private network (VPN) or require employees to use two-factor authentication (2FA) on their accounts for extra security.

Use 2FA

2FA is an easy way to add another layer of protection to your online accounts. After setting up 2FA, you must verify your login attempts even when entering the correct password.

This process might seem tedious, but it’s worth taking the extra time to minimize the risk of an account breach. Contemporary authentication apps are secured with biometrics like Touch ID and Face ID. Instead of short message service (SMS) codes, most platforms now use push notifications or number verifications.

Share your passwords securely

It’s a good idea to keep password sharing to a minimum. Use a secure channel if you need to share a password with someone else. Never send someone a password through email or SMS.

Similarly, avoid entering your password in your Notes app or somewhere else it could be easily accessed. Password managers support secure, controlled sharing, and minimize the risk that your information is accessed by anyone other than the intended recipient.

One key benefit of password managers is that you can share an account without actually showing the person the password. Instead, the recipient usually uses a custom link that automatically fills in the password without displaying it. You can be sure the password is never sent to anyone else.

The specifics of password sharing vary from one password manager to another. If your password manager doesn’t support sharing passwords with non-users, you can utilize a free solution like Privnote to exchange login credentials without making them vulnerable.

Memorize your passwords

Remembering passwords might have been more practical in the early days of the internet, but it’s almost impossible today. While you can attempt to remember your passwords if you have a great memory, it won’t make you any safer than you would be with a secure password manager.

The main problem with remembering passwords is that most people can only do it if they use a similar password for each of their accounts. It’s never a good idea to use a simpler password just because it’s easier to remember.

How Do Passwords Get Hacked?

Here are a few ways in which your password could be threatened:

  • The platform your password is used on experiences a data breach
  • Someone guesses it based on personal information
  • Someone discovers it through a brute-force attack
  • Someone finds out one of your passwords and uses it to guess the others
  • Someone gets you to share your password directly through phishing
  • Someone accesses your password on a public device or Wi-Fi network

Creating strong passwords is challenging because there isn’t just one threat to avoid. Passwords can be compromised in many ways, and a strong password is needed.

What about phishing?

Strong, unique passwords are the best way to guard against most cybersecurity threats in 2023. Still, it doesn’t matter how strong your password is if you willingly send it to someone else.

Phishing (a form of social engineering) is the practice of tricking internet users into giving their passwords or other sensitive information to the wrong people. For example, a hacker might send you an email warning you about a breach at your bank and asking you to change your password. Instead of directing you to the bank’s website, they’ll direct you to a lookalike page and ask you to enter your login credentials.

Recent estimates place the number of unique phishing websites at around 1.27 million worldwide. While email spam filters and other systems prevent many phishing attempts, this has also led hackers to develop more sophisticated strategies.

It’s important to be vigilant about phishing to keep your information safe. These strategies help you recognize and avoid phishing attempts:

  • Don’t respond to texts, emails, or other messages asking for login credentials.
  • Use antivirus software that offers phishing protection.
  • Use 2FA where available. Even if someone takes an account password, they still won’t be able to verify their login attempt.
  • Report phishing attempts when you see them. Phishing isn’t going away anytime soon, but this will still make a difference. Google offers a built-in report tool for Gmail users.

How To Make Your Passwords Safe

It’s almost impossible to create and remember strong, unique passwords for each of your online accounts. Contemporary password managers make this process easier than ever by generating, storing, and sharing passwords across devices.

To keep your information as secure as possible, use unique passwords with 10 or more characters or unique passphrases with four or more words. Either way, you should also take additional steps to protect your digital accounts.

Set up 2FA wherever available, so a password won’t be enough to log in. Use a VPN on public Wi-Fi to keep your traffic private. Avoid writing passwords down or sharing them via email or text. Use a data monitoring service to check for compromised passwords. These precautions and strong, unique passwords ensure your online presence is kept as safe as possible.

Frequently Asked Questions About Strong Passwords

  • What is a strong password example?

    An example of a unique, strong password created by a password generator is JU4$4SX%su^N.

  • How do you create a strong password?

    There are various ways. Avoid sequential numbers or letters and your birth year or birth month/day in your password. Use a combination of at least 10 letters, numbers, and symbols. Mix different unrelated words in your password or passphrase.

  • What are the top 10 most common passwords?

    This varies depending on the source, but some of the most common passwords are:

    1. password
    2. 123456
    3. 123456789
    4. guest
    5. qwerty
    6. 12345678
    7. 111111
    8. 12345
    9. col123456
    10. 123123

  • What is the smartest password?

    A smart password includes an uppercase character, a lowercase character, a number (0-9) and/or symbol (such as !, #, or %). It should be 10 or more characters total and include no obvious personal information or common words.

  • What is the hardest password in the world?

    m#P52s@ap$V is an example of a difficult password.

About The Password Manager, Gunnar Kallstrom:

Kallstrom, The Password Manager, is a Cyber Team Lead for a Department of Defense (DOD) contracting company in Huntsville, Alabama, and has worked as a Computer Network Defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.

He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.

Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.

Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).