Choosing a strong password: How to do it
One of the most important things in IT security is strong passwords. Around 80% of all hacking-related data breaches are due to stolen passwords, and cybercriminals are getting better at obtaining passwords. When user data is leaked or stolen, it constitutes a data breach, emphasizing the importance of using strong, unique passwords and two-factor authentication to protect against potential unauthorized access following a breach. That’s why strong passwords are one of the best ways to protect your data.
Cyber criminals often use software with basic features that automatically test up to hundreds of thousands of words per second, of both popular and random combinations. They use brute force attacks to systematically guess passwords. Sometimes, once they’ve tried enough random combinations, they can crack your password. It is therefore very important to use strong passwords.
What is a strong password?
A strong password is a combination of characters, numbers, and symbols that is difficult for others to guess or crack. It should be at least 12 characters long, but 14 or more is even better. A strong password should not be a word that can be found in a dictionary or the name of a person, character, product, or organization. It should also be significantly different from previous passwords and easy for the user to remember but difficult for others to guess.
Why is password security important?
Password security is crucial to prevent cybercriminals from gaining access to your online accounts and sensitive information. Weak passwords can lead to scams, financial repercussions, or identity theft. Using the same password across multiple accounts can also make it easier for hackers to gain access to all of your accounts. By creating strong, unique passwords and using a password manager, you can help keep your online accounts secure. If you want to understand how stolen credentials can be exploited, read more about identity theft here.
How to create a strong password
A strong and secure password is characterized by being unique, long, and complex.
Unique passwords
Unique passwords mean that you need a different password for each of your accounts. Never duplicate passwords. If you reuse a password and it is hacked, cybercriminals can quickly access every account that uses it.
Also, don’t make a new password that is similar to your last password or any of your other passwords.
Long password
Long passwords are longer than 12 characters. The longer the password, the stronger it is. The usual advice on passwords says 8 characters, but today that’s too few. Using more than 8 characters makes the password harder for hackers to guess. A simple password of, say, 7 characters takes only a few seconds to hack.
Complex passwords
It is very important that your passwords are complex. This means that they must be complicated and contain numbers and characters. They should also contain both upper and lower case letters.
Your passwords should contain a random combination of numbers, characters and letters that have no relation to your private life.
The combination of letters, symbols and numbers also means that the random characters and numbers can appear at the beginning, middle and end of your password. Secure passwords also alternate between lower case and upper case letters, so there shouldn’t be just one capital letter at the start of the password.
Don’t use personal information
Don’t use personal information to form your passwords, as this makes them easier to guess. Cyber criminals often do research online when trying to steal passwords, and if you have private information on your social media accounts, for example, they can easily find it.
Don’t use the following information in your passwords:
- Your nickname or initials
- The name of your child or pet
- Important birthdays or years
- The name of your road
- Numbers from your address
Do not use common words and patterns
Cyber criminals know the most common and used passwords, so don’t use obvious words, phrases and patterns that are easy to guess in your passwords. Examples include:
- Most used passwords like “password” or “close mind”
- Sequences such as “abcd” or “1234”
- Keyboard patterns such as “qwerty” or “qazwsx” (formed by simply running your fingers against the keyboard)
Creating a strong password
To create a strong password, consider using a memorable phrase like “6MonkeysRLooking^”. You can also use a password generator to create a strong, random password. Avoid using dictionary words, names, or personal info in your password. Instead, use a combination of uppercase letters, lowercase letters, numbers, and symbols. Make sure your password is at least 12 characters long, but 14 or more is better.
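The rules above can be turned into an automated check. The following is an added example, not part of the original article: it reports which of the article's rules a candidate password breaks. The function names, the rule labels and the extra entries in the common-password set are assumptions made for illustration; a real check would load a much larger list of known passwords.

```python
import string

MIN_LENGTH = 12                             # the article's minimum length
COMMON = {"password", "123456", "letmein"}  # "password" is the article's example; the rest are constructed
KEYBOARD = ("qwerty", "qazwsx")             # the article's keyboard patterns


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending letters or digits ("abcd", "1234")."""
    streak = 1
    low = pw.lower()
    for prev, cur in zip(low, low[1:]):
        ascending = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == 1
        streak = streak + 1 if ascending else 1
        if streak >= run:
            return True
    return False


def check_password(pw, personal=()):
    """Return the names of the rules that pw breaks (an empty list means it passes)."""
    low = pw.lower()
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    if low in COMMON:
        findings.append("common_password")
    if has_sequence(pw):
        findings.append("sequence")
    if any(p in low for p in KEYBOARD):
        findings.append("keyboard_pattern")
    # Personal tokens (names, years, street names) are supplied by the caller.
    if any(len(t) >= 3 and t.lower() in low for t in personal):
        findings.append("personal_info")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if not all(classes):
        findings.append("missing_classes")
    # A single capital at the very start is the pattern the article warns against.
    if [i for i, c in enumerate(pw) if c.isupper()] == [0]:
        findings.append("only_leading_capital")
    return findings


if __name__ == "__main__":
    for sample in ("password", "Qwerty1234!!", "6MonkeysRLooking^"):
        print(sample, check_password(sample))
```

An empty result only means that none of these listed rules were broken; it does not show that the password is unique or has never been leaked.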
How to remember your password
When you need to use different passwords for all your accounts, you need to make sure you create memorable passwords so that you can remember the passwords more easily.
You can try using some of the following approaches to create strong passwords:
- A quote from a movie or a speech
- A song lyric or part of a poem
- A line from a book
- A series of words that make sense to you
- An abbreviation: form the password from the first letter of each word in a sentence
Examples of strong passwords
For example, a memorable phrase that forms a strong password could start with each letter of a common name:
- M A T T H E W – MonkeysAlwaysTryToHideEveryWatermelon (36 characters)
The six words form a common phrase that makes your password easier to remember. It's a longer password than necessary, but you'll be sure it's a strong one.
You can also create a memorable password by taking a word you can remember and changing it to create a strong password:
- Football (weak password) → F00tb@ll? (strong password)
This type of password contains lower case letters, upper case letters, numbers, and special characters.
There are some random password generators on the web that create passwords from random words and a range of random characters, but they are usually not optimal.
Methods to protect all your passwords
Two factor authentication
Many people only have to go through one step to log in to an account, which is to type in their password. However, reused login information increases the risks associated with data breaches, making it essential to use unique passwords to mitigate the impact on multiple accounts. To increase the security of your passwords, turn on two-step verification where possible.
Two-factor authentication works by requiring you to enter both your password and an SMS code sent to your mobile. So even if your password is hacked, cyber criminals can’t access your account, as they also need the SMS code.
Keep your passwords private
Your password is as private as your social security number, so only you should have it.
If you happen to share one or more of your passwords with someone or forget to log out from their computer or other device, they can see your password. It is therefore a good idea to change your password if this happens.
Use a password manager
Although the advice on remembering strong passwords is effective, for many people it can still be a hassle to remember all their multiple passwords as it almost requires a photographic memory. Therefore, it is recommended that you use a password manager to manage your passwords.
A password manager is a digital service that automatically generates strong passwords for you and stores them all, so you don’t have to remember them. The only password you need to remember is the master password for the password manager itself.
How password managers work
The way password managers work is that a randomised password generated by the password manager is assigned to an account. When you need to log in to that account, you access the website or app where the account is. Then your password manager will automatically fill in the login details for that account for you. If you're curious about how password managers enhance security, learn more in our guide on why you need a password manager.
Password security best practices
Here are some best practices to help you keep your online accounts secure:
- Use a unique password for each website to prevent credential stuffing attacks.
- Use a password manager to securely store and encrypt your passwords, automatically update them, and enhance security with multi-factor authentication. If you want to know more about how MFA can protect your accounts, learn more here.
- Don’t share a password with anyone, not even a friend or family member.
- Never send a password by email, instant message, or any other means of communication that is not reliably secure.
- Enable multi-factor authentication (MFA) whenever available to add an extra layer of security.
- Change passwords immediately on accounts you suspect may have been compromised.
This post has been updated on 25-02-2025 by Sarah Krarup.

Sarah Krarup
Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.