How to create a strong password
A strong password is long, unique for each account, and uses a mix of different character types instead of personal details or common patterns.
Quick Scoop
What makes a password “strong”
- At least 12–16 characters; longer is better for resisting brute‑force attacks.
- Mix of lowercase, uppercase, numbers, and symbols (for example, letters + 0–9 + ! @ # %).
- Not based on your name, birthday, pet, or simple words from the dictionary.
- Different password for every important account (email, banking, social media, password manager).
Think of a strong password like a sturdy front door: thick, complex lock, and not the same key as every other door you own.
Step‑by‑step: build one
- Start with a private phrase
  - Pick a sentence only you would think of, like “Last summer I learned to bake 9 loaves of rye bread”.
  - Avoid famous quotes or song lyrics, which attackers can guess or find in wordlists.
- Turn it into a passphrase
  - Take first letters or mix whole words: `LastSummerLearnedBake9RyeLoaves` → `LSLb9RyeLoaves`.
  - Add separators like `- . _ !` to boost randomness: `LSLb9-Rye.Loaves!`.
- Add clever twists
  - Swap letters for look‑alike numbers or symbols: a→@, i→!, o→0, s→$, e→3, etc.
  - Example transformation: `LSLb9-Rye.Loaves!` → `L$Lb9-Ry3.L0av3$!`.
- Customize per site
  - Attach a short, consistent pattern tied to the site to avoid reuse, like `:Amz`, `:GmL`, `:Bnk`.
  - Example for an email account: `L$Lb9-Ry3.L0av3$!:GmL`.
- Check: can you remember it?
  - If you can reconstruct it from your phrase and rules, it’s strong and memorable.
  - If you can’t, use a password manager to store it securely instead of simplifying it.
What to absolutely avoid
- Common passwords like `123456`, `password`, `qwerty`, or `abc123`. These are in every attacker’s first list.
- Simple patterns such as `Qwerty@123`, repeated letters, or straight keyboard walks like `1q2w3e4r`.
- Short passwords under 10–12 characters, even if they include symbols. Short length limits how secure they really are.
- Personal info (birthdays, names, favorite team, phone number) that people can guess from social media.
- Reusing the same password on multiple accounts, especially across email, banking, and social media.
If one reused password leaks in a breach, attackers can try it on your other accounts within minutes.
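The checks in the two lists above can be automated. The following is an added example, not part of the original page: a small Python audit that reports which of the page's rules a candidate password breaks. The names `audit` and `has_walk` are hypothetical, the 12-character floor is the lower bound from the page, and `COMMON` holds only the four passwords the page names, where a real check would load a full breached-password wordlist.

```python
import re

# The four common passwords the page names; a real check would load a
# full breached-password wordlist (assumption: not part of the page).
COMMON = {"123456", "password", "qwerty", "abc123"}
# The page's look-alike swaps, reversed, so swapped spellings still match.
UNLEET = str.maketrans({"@": "a", "!": "i", "0": "o", "$": "s", "3": "e"})
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]


def _in_row(s):
    """True if s runs along one keyboard row, in either direction."""
    return any(s in row or s in row[::-1] for row in ROWS)


def has_walk(pw, n=4):
    """True for straight walks (qwer) and two-row zigzags (1q2w3e4r)."""
    p = pw.lower()
    straight = any(_in_row(p[i:i + n]) for i in range(len(p) - n + 1))
    zigzag = any(_in_row(p[i:i + 2 * n:2]) and _in_row(p[i + 1:i + 2 * n:2])
                 for i in range(len(p) - 2 * n + 1))
    return straight or zigzag


def audit(pw):
    """Return the list of rules from the page that `pw` breaks."""
    findings = []
    if len(pw) < 12:
        findings.append("too_short")
    if not all(re.search(c, pw) for c in CLASSES):
        findings.append("missing_classes")
    # Drop trailing digits/symbols, undo swaps: "P@ssw0rd!" -> "password".
    core = re.sub(r"[\W\d_]+$", "", pw.lower()).translate(UNLEET)
    if pw.lower() in COMMON or core in COMMON:
        findings.append("common_password")
    if re.search(r"(.)\1{2,}", pw):
        findings.append("repeated_chars")
    if has_walk(pw):
        findings.append("keyboard_walk")
    return findings


if __name__ == "__main__":
    for sample in ["Qwerty@123", "1q2w3e4r", "L$Lb9-Ry3.L0av3$!:GmL"]:
        print(sample, audit(sample))
```

An empty list means none of these specific checks fired; it does not measure whether the password is unique to one account.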
Extra protection: managers & 2FA
- Use a reputable password manager to generate long random passwords (20+ characters) and store them so you only remember one master password.
- Turn on two‑factor authentication (2FA) wherever possible, using an authenticator app or hardware key instead of only SMS when available.
- Regularly replace any passwords involved in breaches, and never reuse old ones on new accounts.