All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
With increased dependence on the internet and online services, the rate of cybercrime continues to increase. But what can you do to help avoid being a victim of cybercrime?
Ditching your weak password and learning how to create a strong password is a good start. That means you'll need to stop using song lyrics, pet names, and your birth year to secure your online accounts. Your unique password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols.
We'll show you what good passwords look like and different strategies you can use to help keep your online banking and other accounts safe, including using the best password managers, multi-factor authentication, and authenticator apps.
How to create a strong password
Good password ideas
Other ways to keep your online information safe
FAQs
Bottom line
What do good passwords look like?
Creating strong passwords is often the first step to learning how to stay safe online. Depending on the online services you use, a password could be the key to unlocking your bank account and credit card information or personal information such as your phone number or home address.
To help create a strong password, consider how different elements work together to offer more security. This could include making your password longer and using a mix of numbers and letters. These elements might not offer the best protection alone, but together, they could help improve your password security.
Character count
Characters are the letters, digits, and symbols that make up a password. In general, the longer your password, or the greater the number of characters, the better. This is because it could make it more difficult for someone to guess your password or take longer for a program to decipher it. Keep in mind that certain websites might limit the number of characters you’re allowed to use, but using at least 12 characters is a good starting point.
A mix of uppercase and lowercase letters
Mixing in both uppercase and lowercase letters helps improve the complexity of your password. This means a person or a program now has to try more combinations of a password since they have to account for any letter potentially being uppercase or lowercase.
Numbers
If you’re accustomed to only using letters in your passwords, it’s time to add some numbers as well. The main design behind a strong password is to make it as hard to crack as possible. If there are both numbers and letters involved, that’s one more factor of complexity. Additional layers of complexity could help thwart brute force attacks, or hacking attempts that try every combination of numbers, letters, and symbols available.
Symbols
Similar to using numbers, adding symbols will help boost the complex nature of a password. Keep in mind that not every website allows all uses of symbols, though the website will typically tell you what symbols are available to use during the account creation process.
No personal information
Avoid using anything related to you, including the year you were born, your birth month, your phone number, your home address, your maiden name, your pet’s name, and more. People tend to use things they can easily remember for their passwords, but those things often overlap with what other people use. This helps to create a common reference point for people trying to crack your password. For example, there were over 3.5 million U.S. births in 1980, which is more than three million reasons not to use “1980” in a password.
No common words or phrases
Similar to avoiding personal information, it’s also important to avoid using easy to guess common words or memorable phrases that you might find in a dictionary. A frequent hacking strategy is to employ a dictionary attack to crack passwords, which systematically uses common words to guess a password. It's best not to rely on simple words as well.
Randomness
An added layer of security could be using a certain level of randomness for a password. This could include shortening words in your password by a letter, replacing vowels in words, or creating your own formula. For example, use the first letter in each of the words of your favorite song, movie, or book title. “Harry Potter and the Sorcerer's Stone” would become “hpatss,” which you could then randomize and use as part of a password.
Your overarching goal with each element you use in the password creation process is to increase a password’s complexity. A complex password will typically help reduce the chances of your password being guessed or cracked by a hacker or hacking program.
Remember to have unique passwords for each of your online accounts and use these elements to avoid weak passwords.
How to create a strong password
If you do a quick online search about creating a strong password, you’ll end up with loads of different ideas and methods. But these ideas are typically connected in one way or another to a few primary strategies, including using a password generator, creating a passphrase, and thinking of a random sentence.
Here’s how they work to help improve your online security and identity protection.
Use a random password generator
If randomness is the name of the game, random password generators are at the forefront of password security. After all, it could be difficult for you to come up with a large string of characters that uses uppercase and lowercase letters, numbers, and special characters.
Enter Avast, a cybersecurity company with over 435 million active users that blocks more than 1.5 billion cyberattacks each month. In addition to malware, VPN, and antivirus solutions, Avast also offers the Avast Random Password Generator, a customizable random password generator that’s free and easy to use.
Choose between 1 and 50 characters, as well as options for adding uppercase and lowercase letters, numbers, and special characters. Then generate your password, copy it, and use it.
Create a passphrase
While a random password generator typically includes all the elements you’d want in a strong password, it’s likely difficult to remember the passwords you generated. In this case, you might consider creating a passphrase instead.
Passphrases are often randomly chosen words that are put together to form your password. They might not include numbers or special characters. Since they’re actual words, they could be easier for you to remember. And they often contain plenty of characters to make them harder to crack.
Use a Passphrase is a popular random passphrase generator that’s free for anyone to use.
It offers options for four-word, five-word, and 12-word passphrases, including spaces. If you choose a four-word passphrase, you might end up with something like, “preppy exceeding stucco other.” According to the site, this passphrase would take 4,526,363,277 centuries to crack.
Think of a random sentence
This strategy, sometimes called the “Bruce Schneier method," takes a memorable sentence and turns it into a password. For example, “An apple a day keeps the doctor away” could become “aAADktDA” by keeping only the first letter from each word in the sentence and then randomizing the uppercase and lowercase letters.
But for further randomization, you’d also want to introduce numbers and special characters. Depending on how you think about it, you might end up with another iteration, such as “A@plADkpsTH3dA.”
Good password ideas
You can certainly make up your own strong password, but using a random password generator or a passphrase generator can help you quickly generate multiple passwords.
Here are three password examples, including their password strength, using the Avast Random Password Generator:
- Weak: Co@du1
- Strong: 1s;YB}Xqfs
- Very strong: ~p%O^{Y+apP=ehei
It’s important to note that these passwords were generated using almost all the same added filters, including adding uppercase letters, numbers, and special characters. The only difference is the password length, which ranges from 6 to 16 random characters.
According to Avast, the password length is a key element in determining how strong your password is — likely more than the other elements combined. This reinforces the point that the best password is typically long.
This is also likely why the Use a Passphrase website is still recommended as a viable resource for generating strong passwords. It doesn’t use any numbers or special characters, and it avoids switching between uppercase and lowercase letters. It does, however, use spaces between words and generates long passwords.
Here are a few examples of passwords generated from Use a Passphrase:
- carded kilowatt theft blustery
- recreate marlin unvaried serving travel
- varsity diminish fraction drone sappy cable surcharge ideology monstrous fantasize bloating supreme
The sheer number of characters and the general randomness of the words contribute to a strong password. But since these are actual words and not a bunch of random gibberish, you might have an easier time remembering them.
The most commonly used passwords
Remember to avoid using passwords that are most commonly used and easily hacked. This includes using the same password or any iteration of it.
Here are the 10 most common passwords:
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
- 12345678
- 111111
- 1234567890
Other ways to keep your online information safe
Learning how to create a strong password is helpful, but it’s not the only way to stay safe virtually. Here are a few additional ways to help keep your online information safe:
Use a password manager
Creating strong passwords shouldn't be a hassle, and no one has time to memorize multiple passwords. Enter the password manager, which can help you securely store, manage, and generate unique passwords. This way, you don’t have to try remembering a few dozen passwords at once or reuse old passwords. Remember, you never want to use the same password for multiple accounts.
Use a password manager to safeguard your online accounts. Here are some recommendations for services that include a password generator to help protect your sensitive information from a data breach or hacker.
- NordPass: NordPass comes from the trusted Nord name, so your login information and other details will be well-protected. Its end-to-end encryption is available on the free version and the paid product, so it suits any budget.
Get NordPass | Read Our NordPass Review
- Aura: Aura is an identity theft protection service with a suite of cybersecurity features, including a password manager, to keep you safe online. Aura uses AI to block spam calls and texts, monitors data breaches for your info, and includes a virtual private network (VPN).
Keep in mind that a password manager is only as secure as the master password you use to access it.
Featured password managers
Best for | Best overall password manager | Simple password management | High-end security |
Starting price | Starts at $1.29/mo (billed every two years) | Starts at $0.99/mo | Starts at $1.45/mo (billed annually) |
Compatibility | Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Opera | Windows, macOS, Linux, iOS, Android, Chromebook, Chrome, Firefox, Edge | Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Brave, Opera |
Learn more | Get NordPass | Get Roboform | Get Keeper |
Set up multi-factor authentication
In most cases, if your password is cracked, your account will be breached. But with multi-factor authentication (MFA) or two-factor authentication (2FA), you typically need to enter the correct password and then satisfy another requirement before accessing an account. This could include receiving a PIN number or code for your phone or email.
Consider authenticator apps
This strategy uses multi-factor authentication but in a specific way. Rather than receiving a text message or an email with a code, you check your linked authenticator app. So, accessing a certain account would include entering your password and then getting a code from an authenticator app such as Google Authenticator or Microsoft Authenticator.
Opt for biometrics
Certain devices, including compatible iOS and Android devices, offer the use of biometrics for accessing different accounts. This could include using a fingerprint or facial recognition rather than entering a password. You typically still need to enter your login credentials when logging into your account for the first time, but further attempts could use your biometric information instead. Using unique biometrics could make it easier for you to access your accounts and potentially throw off hackers.
Avoid suspicious links and communication
Phishing is a cybercrime associated with cybercriminals posing as legitimate people or institutions to gain access to your personal information. You might see common phishing attempts and scams associated with email spam, messages on social media, and more. It’s always in your best interest to avoid clicking on any suspicious links or giving information to anyone you don’t know. Consider anything that might look out of the ordinary to avoid falling for a phishing attempt. This could include looking closely at email addresses, names of people, how messages are worded, strange attachments, spelling errors, and more.
FAQs
What 5 things make a strong password?
These five things help make a strong password:
- Making it different from any other password
- Using at least 12 characters, but more is better
- Using both uppercase and lowercase letters
- Using numbers and special characters
- Avoiding common words and personal information
How long should a password be?
A password should be as long as possible to provide additional security for your information. A general rule of thumb is to use at least 12 characters as a minimum, but 16 characters or longer would be even better. The characters within your password should typically include a mix of uppercase and lowercase letters, numbers, and special characters.
Are longer passwords harder to crack?
Longer passwords are typically harder to crack because there are more characters to guess. However, a long password alone is only one step to creating a strong password. In addition to having at least 12 characters, strong passwords typically include a mix of uppercase and lowercase letters, numbers, and special characters.
What is the most hacked password?
The most hacked passwords have been the same for years, with millions of people relying on the same weak passwords. These include:
- 123456 or 654321
- 123456789
- qwerty
- password or password123
- 11111111
Bottom line
Learning how to create a strong password could be the difference between keeping your sensitive information safe and being hacked. When creating a secure password, remember to use long character counts, avoid common words and phrases, and remove all personal information. We recommend using uppercase and lowercase letters, numbers, and special characters.
Staying safe while using the internet and different online services involves multiple layers of security, including using strong passwords. But this is only one step toward staying secure online. You should also consider the best identity theft protection to protect your personal information and your peace of mind.