How To Create a Strong Password (With Examples of Good Passwords)

With increased dependence on the internet and online services, the rate of cybercrime continues to increase. But what can you do to help avoid being a victim of cybercrime?

Ditching your weak password and learning how to create a strong password is a good start. That means you'll need to stop using song lyrics, pet names, and your birth year to secure your online accounts. Your unique password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. 

We'll show you what good passwords look like and different strategies you can use to help keep your online banking and other accounts safe, including using the best password managers, multi-factor authentication, and authenticator apps.

What do good passwords look like?

Creating strong passwords is often the first step to learning how to stay safe online. Depending on the online services you use, a password could be the key to unlocking your bank account and credit card information or personal information such as your phone number or home address.

To help create a strong password, consider how different elements work together to offer more security. This could include making your password longer and using a mix of numbers and letters. These elements might not offer the best protection alone, but together, they could help improve your password security.

Character count

Characters are the letters, digits, and symbols that make up a password. In general, the longer your password, or the greater the number of characters, the better. This is because it could make it more difficult for someone to guess your password or take longer for a program to decipher it. Keep in mind that certain websites might limit the number of characters you’re allowed to use, but using at least 12 characters is a good starting point.

A mix of uppercase and lowercase letters

Mixing in both uppercase and lowercase letters helps improve the complexity of your password. This means a person or a program now has to try more combinations of a password since they have to account for any letter potentially being uppercase or lowercase.

Numbers

If you’re accustomed to only using letters in your passwords, it’s time to add some numbers as well. The main design behind a strong password is to make it as hard to crack as possible. If there are both numbers and letters involved, that’s one more factor of complexity. Additional layers of complexity could help thwart brute force attacks, or hacking attempts that try every combination of numbers, letters, and symbols available.

Symbols

Similar to using numbers, adding symbols will help boost the complex nature of a password. Keep in mind that not every website allows all uses of symbols, though the website will typically tell you what symbols are available to use during the account creation process.

No personal information

Avoid using anything related to you, including the year you were born, your birth month, your phone number, your home address, your maiden name, your pet’s name, and more. People tend to use things they can easily remember for their passwords, but those things often overlap with what other people use. This helps to create a common reference point for people trying to crack your password. For example, there were over 3.5 million U.S. births in 1980, which is more than three million reasons not to use “1980” in a password. 

No common words or phrases

Similar to avoiding personal information, it’s also important to avoid using easy to guess common words or memorable phrases that you might find in a dictionary. A frequent hacking strategy is to employ a dictionary attack to crack passwords, which systematically uses common words to guess a password. It's best not to rely on simple words as well. 

Randomness

An added layer of security could be using a certain level of randomness for a password. This could include shortening words in your password by a letter, replacing vowels in words, or creating your own formula. For example, use the first letter in each of the words of your favorite song, movie, or book title. “Harry Potter and the Sorcerer's Stone” would become “hpatss,” which you could then randomize and use as part of a password.

Your overarching goal with each element you use in the password creation process is to increase a password’s complexity. A complex password will typically help reduce the chances of your password being guessed or cracked by a hacker or hacking program.

Remember to have unique passwords for each of your online accounts and use these elements to avoid weak passwords.

How to create a strong password

If you do a quick online search about creating a strong password, you’ll end up with loads of different ideas and methods. But these ideas are typically connected in one way or another to a few primary strategies, including using a password generator, creating a passphrase, and thinking of a random sentence.

Here’s how they work to help improve your online security and identity protection.

Use a random password generator

If randomness is the name of the game, random password generators are at the forefront of password security. After all, it could be difficult for you to come up with a large string of characters that uses uppercase and lowercase letters, numbers, and special characters.

Enter Avast, a cybersecurity company with over 435 million active users that blocks more than 1.5 billion cyberattacks each month. In addition to malware, VPN, and antivirus solutions, Avast also offers the Avast Random Password Generator, a customizable random password generator that’s free and easy to use.

Choose between 1 and 50 characters, as well as options for adding uppercase and lowercase letters, numbers, and special characters. Then generate your password, copy it, and use it.

Create a passphrase

While a random password generator typically includes all the elements you’d want in a strong password, it’s likely difficult to remember the passwords you generated. In this case, you might consider creating a passphrase instead.

Passphrases are often randomly chosen words that are put together to form your password. They might not include numbers or special characters. Since they’re actual words, they could be easier for you to remember. And they often contain plenty of characters to make them harder to crack.

Use a Passphrase is a popular random passphrase generator that’s free for anyone to use.

It offers options for four-word, five-word, and 12-word passphrases, including spaces. If you choose a four-word passphrase, you might end up with something like, “preppy exceeding stucco other.” According to the site, this passphrase would take 4,526,363,277 centuries to crack.

Think of a random sentence

This strategy, sometimes called the “Bruce Schneier method," takes a memorable sentence and turns it into a password. For example, “An apple a day keeps the doctor away” could become “aAADktDA” by keeping only the first letter from each word in the sentence and then randomizing the uppercase and lowercase letters.

But for further randomization, you’d also want to introduce numbers and special characters. Depending on how you think about it, you might end up with another iteration, such as “A@plADkpsTH3dA.”

Good password ideas

You can certainly make up your own strong password, but using a random password generator or a passphrase generator can help you quickly generate multiple passwords. 

Here are three password examples, including their password strength, using the Avast Random Password Generator:

• Weak: Co@du1
• Strong: 1s;YB}Xqfs
• Very strong: ~p%O^{Y+apP=ehei

It’s important to note that these passwords were generated using almost all the same added filters, including adding uppercase letters, numbers, and special characters. The only difference is the password length, which ranges from 6 to 16 random characters.

According to Avast, the password length is a key element in determining how strong your password is — likely more than the other elements combined. This reinforces the point that the best password is typically long.

This is also likely why the Use a Passphrase website is still recommended as a viable resource for generating strong passwords. It doesn’t use any numbers or special characters, and it avoids switching between uppercase and lowercase letters. It does, however, use spaces between words and generates long passwords.

Here are a few examples of passwords generated from Use a Passphrase:

• carded kilowatt theft blustery
• recreate marlin unvaried serving travel
• varsity diminish fraction drone sappy cable surcharge ideology monstrous fantasize bloating supreme

The sheer number of characters and the general randomness of the words contribute to a strong password. But since these are actual words and not a bunch of random gibberish, you might have an easier time remembering them.

The most commonly used passwords

Remember to avoid using passwords that are most commonly used and easily hacked. This includes using the same password or any iteration of it.

Here are the 10 most common passwords:

1. 123456
2. 123456789
3. qwerty
4. password
5. 12345
6. qwerty123
7. 1q2w3e
8. 12345678
9. 111111
10. 1234567890

Other ways to keep your online information safe

Learning how to create a strong password is helpful, but it’s not the only way to stay safe virtually. Here are a few additional ways to help keep your online information safe:

Use a password manager

Creating strong passwords shouldn't be a hassle, and no one has time to memorize multiple passwords. Enter the password manager, which can help you securely store, manage, and generate unique passwords. This way, you don’t have to try remembering a few dozen passwords at once or reuse old passwords. Remember, you never want to use the same password for multiple accounts. 

Use a password manager to safeguard your online accounts. Here are some recommendations for services that include a password generator to help protect your sensitive information from a data breach or hacker. 

• NordPass: NordPass comes from the trusted Nord name, so your login information and other details will be well-protected. Its end-to-end encryption is available on the free version and the paid product, so it suits any budget.  

  Get NordPass | Read Our NordPass Review

  

  5.0

  AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

  Editorial Rating

  Learn More

  On NordPass's website

  Password Manager

  NordPass

  Save up to 56% off on Premium + 3 months extra

  • Strong encryption and security
  • User-friendly interface
  • Free version has annoying restrictions

• Aura: Aura is an identity theft protection service with a suite of cybersecurity features, including a password manager, to keep you safe online. Aura uses AI to block spam calls and texts, monitors data breaches for your info, and includes a virtual private network (VPN).

  Get Aura | Read Our Aura Review

Keep in mind that a password manager is only as secure as the master password you use to access it.

Featured password managers

Set up multi-factor authentication

In most cases, if your password is cracked, your account will be breached. But with multi-factor authentication (MFA) or two-factor authentication (2FA), you typically need to enter the correct password and then satisfy another requirement before accessing an account. This could include receiving a PIN number or code for your phone or email.

Consider authenticator apps

This strategy uses multi-factor authentication but in a specific way. Rather than receiving a text message or an email with a code, you check your linked authenticator app. So, accessing a certain account would include entering your password and then getting a code from an authenticator app such as Google Authenticator or Microsoft Authenticator.

Opt for biometrics

Certain devices, including compatible iOS and Android devices, offer the use of biometrics for accessing different accounts. This could include using a fingerprint or facial recognition rather than entering a password. You typically still need to enter your login credentials when logging into your account for the first time, but further attempts could use your biometric information instead. Using unique biometrics could make it easier for you to access your accounts and potentially throw off hackers.

Avoid suspicious links and communication

Phishing is a cybercrime associated with cybercriminals posing as legitimate people or institutions to gain access to your personal information. You might see common phishing attempts and scams associated with email spam, messages on social media, and more. It’s always in your best interest to avoid clicking on any suspicious links or giving information to anyone you don’t know. Consider anything that might look out of the ordinary to avoid falling for a phishing attempt. This could include looking closely at email addresses, names of people, how messages are worded, strange attachments, spelling errors, and more.

FAQs

Bottom line

Learning how to create a strong password could be the difference between keeping your sensitive information safe and being hacked. When creating a secure password, remember to use long character counts, avoid common words and phrases, and remove all personal information. We recommend using uppercase and lowercase letters, numbers, and special characters.

Staying safe while using the internet and different online services involves multiple layers of security, including using strong passwords. But this is only one step toward staying secure online. You should also consider the best identity theft protection to protect your personal information and your peace of mind.