Craft strong passwords to protect your information
Published: February 14, 2025

Creating a strong password can seem like a chore, but it can make all the difference in protecting your personal information. Follow this guide for how to create strong and secure passwords.
What is a password?
A password is a string of characters used to gain access to a system, whether it be a website, application or device. Passwords are a fundamental security measure for protecting sensitive data, personal accounts and proprietary information. They typically consist of a combination of letters, numbers and special characters, with varying length requirements depending on the security policies of a given platform. Most passwords are around 10 characters long and must meet specific complexity rules, such as including uppercase and lowercase letters, numbers and symbols. For example, a secure password might look like this: noBx4nwM4@ETZ3R&. While this password adheres to common security standards, its randomness makes it difficult to remember, which can be a challenge for users.
What is a passphrase?
A passphrase is essentially a longer version of a password, often consisting of multiple words separated by spaces or other characters. Passphrases generally contain at least 14 characters, making them more resistant to attacks. Unlike traditional passwords, which are typically a short string of random characters, passphrases are usually easier to remember. For example, a strong passphrase could be: “Lo0katthhecatthere!” This passphrase is much longer than a traditional password, making it harder for attackers to crack. Since passphrases do not have to be grammatically correct, using random or nonsensical phrases can increase their strength.
Differences between passwords and passphrases
Length and complexity
- Passwords are generally shorter, around 8–12 characters, and must include a mix of letters, numbers and symbols to be strong.
- Passphrases are typically longer (at least 14 characters) and often consist of random words, making them more resistant to attacks.
Security strength
- Due to their length and randomness, passphrases tend to have higher entropy (a measure of unpredictability), making them harder to crack than shorter passwords.
- Passwords, while still secure when properly constructed, are more vulnerable to cracking because they are shorter.
Tips for creating strong and secure passwords
Mix it up
A strong password should include:
- Uppercase and lowercase letters (e.g., A, a, B, b)
- Numbers (e.g., 1, 2, 3)
- Special characters (e.g., !, @, #, $, %)
Use a passphrase instead of a single word
Instead of using a single word, consider a phrase that’s easy to remember but hard to guess. Then, modify it with numbers and symbols.
Example: “A stitch in time saves nine” → “A-stitch-1n-time-s@ves-9”
- Make it longer: The longer the passphrase, the better. Aim for at least 12–16 characters whenever possible.
- Be unique: Avoid using common words or phrases that can be guessed easily. The more random and unique your password is, the harder it is to crack.
Avoid these common password mistakes
Avoid using personal information
Hackers can guess passwords using details they find online, such as:
- Your name or the name of a family member
- Birthdays or anniversaries
- Pet names
- Phone numbers or addresses
Avoid reusing passwords across multiple accounts
If one account gets compromised, all your accounts with the same password become vulnerable. Always use different passwords for each service.
Avoid choosing predictable patterns
Some passwords are so commonly used that hackers try them first:
- “123456,” “password,” “letmein”
- Keyboard patterns like “abc123” or “1q2w3e4r”
- Adding “!” or “1” to the end of an otherwise weak password
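An added example, not part of the original guide: a small Python check for the mistakes listed above (common passwords, keyboard patterns, an appended "!" or "1", personal details), together with the entropy arithmetic behind the earlier comparison of passwords and passphrases. The function names, the 94-character pool and the 7776-word list size are assumptions of this example, and the entropy figure only holds for secrets picked uniformly at random.

```python
import math
import string

# Constructed sample lists, taken from the examples named in this guide.
COMMON = {"123456", "password", "letmein"}
KEYBOARD_PATTERNS = {"abc123", "1q2w3e4r"}


def random_entropy_bits(length, pool_size):
    """Entropy in bits when each of `length` symbols is drawn uniformly at random."""
    return length * math.log2(pool_size)


def audit(password, personal_details=()):
    """Return a list of findings for the mistakes this guide warns about."""
    findings = []
    lowered = password.lower()
    # A trailing "!" or "1" does not rescue a weak base, so strip it and recheck.
    base = lowered.rstrip("!1")
    if lowered in COMMON or lowered in KEYBOARD_PATTERNS:
        findings.append("commonly used password or keyboard pattern")
    elif base in COMMON or base in KEYBOARD_PATTERNS:
        findings.append("weak password with '!' or '1' appended")
    for detail in personal_details:
        # Skip very short details so they do not match by coincidence.
        if len(detail) >= 3 and detail.lower() in lowered:
            findings.append(f"contains personal detail: {detail}")
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    kinds = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    findings += [f"missing {name}" for name, present in kinds.items() if not present]
    return findings


if __name__ == "__main__":
    # Constructed inputs; "Rex" and "2015" stand in for a pet name and a birth year.
    for pw, details in [("password1!", ()), ("Rex2015!Toronto", ("Rex", "2015")),
                        ("A-stitch-1n-time-s@ves-9", ())]:
        print(pw, "->", audit(pw, details) or "no findings")
    # 10 random printable characters (94 choices) vs. 6 random words (7776-word list).
    print(round(random_entropy_bits(10, 94), 1), round(random_entropy_bits(6, 7776), 1))
```

A clean result only means none of these specific mistakes was found; it does not measure how guessable a human-chosen phrase is.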
Additional security tips
Use a password manager
Managing unique and strong passwords for every account can be overwhelming. A password manager helps securely store and organize your credentials. You can also pair it with multi-factor authentication (MFA) to add an extra layer of protection.
Did you know U of T offers a free password manager for all students, staff and faculty?
It only takes a few minutes to sign up! Use 1Password to create strong, unique passwords for your personal and work-related accounts.

Register for U of T’s password reset tool
Forgot your UTORid password? U of T offers a convenient password reset tool. Once registered, you can reset your password anytime via email or SMS. Set up your options for the password reset tool.
