How To Create a Strong Password (With Examples of Good Passwords)

With increased dependence on the internet and online services, the rate of cybercrime continues to increase. But what can you do to help avoid being a victim of cybercrime?

Learning how to create a strong password is a good start. You should include at least 12 characters, a mix of uppercase and lowercase letters, and symbols, among other elements. 

We'll show you what good passwords look like and different strategies you can use to help keep your online information safe, including using the best password managers, multifactor authentication, and authenticator apps.

What do good passwords look like?

Creating a strong password is often the first step to learning how to stay safe online. Depending on the types of online services you use, a password could be the key to unlocking your bank account and credit card information or personal information such as your phone number or home address.

To help create a strong password, consider how different elements work together to offer more security. This could include making your password longer and using a mix of numbers and letters. These elements might not offer the best protection alone, but together they could help improve your password security:

Character count

Characters are the letters, digits, and symbols that make up a password. In general, the longer your password, or the greater the number of characters, the better. This is because it could make it more difficult for someone to guess your password or take longer for a program to decipher it. Keep in mind that certain websites might limit the number of characters you’re allowed to use, but using at least 12 characters is a good starting point.

A mix of uppercase and lowercase letters

Mixing in both uppercase and lowercase letters helps improve the complexity of your password. This means a person or a program now has to try more combinations of a password since they have to account for any letter potentially being uppercase or lowercase.

Numbers

If you’re accustomed to only using letters in your passwords, it’s time to add some numbers as well. The main design behind a strong password is to make it as hard to crack as possible. If there are both numbers and letters involved, that’s one more factor of complexity. Additional layers of complexity could help thwart brute force attacks, or hacking attempts that try every combination of numbers, letters, and symbols available.

Symbols

Similar to using numbers, adding symbols will help boost the complex nature of a password. Keep in mind that not every website allows all uses of symbols, though the website will typically tell you what symbols are available to use during the account creation process.

No personal information

Avoid using anything related to you, including the year you were born, your birth month, your phone number, your home address, your maiden name, your pet’s name, and more. People tend to use things they can easily remember for their passwords, but those things often overlap with what other people use. This helps to create a common reference point for people trying to crack your password. For example, there were over 3.5 million U.S. births in 1980, which is more than three million reasons not to use “1980” in a password.

No common words or phrases

Similar to avoiding personal information, it’s also important to avoid using common words or phrases that you might find in a dictionary. A frequent hacking strategy is to employ a dictionary attack to crack passwords, which systematically uses common words to guess a password.

Randomness

An added layer of security could be using a certain level of randomness for a password. This could include shortening words in your password by a letter, replacing vowels in words, or creating your own formula. For example, use the first letter in each of the words of your favorite song, movie, or book title. “Harry Potter and the Sorcerer's Stone” would become “hpatss,” which you could then randomize and use as part of a password.

Your overarching goal with each element you use in the password creation process is to increase a password’s complexity. A complex password will typically help reduce the chances of your password being guessed or cracked by a hacker or hacking program.

Remember to have unique passwords for each of your online accounts and use these elements to avoid weak passwords.

How to create a strong password

If you do a quick online search about creating a strong password, you’ll end up with loads of different ideas and methods. But these ideas are typically connected in one way or another to a few primary strategies, including using a password generator, creating a passphrase, and thinking of a random sentence.

Here’s how they work to help improve your online security and identity protection.

Use a random password generator

If randomness is the name of the game, random password generators are at the forefront of password security. After all, it could be difficult for you to come up with a large string of characters that uses uppercase and lowercase letters, numbers, and special characters.

Enter Avast, a cybersecurity company with over 435 million active users that blocks more than 1.5 billion cyberattacks each month. Other than malware, VPN, and antivirus solutions, Avast also offers the Avast Random Password Generator, a customizable random password generator that’s free and easy to use.

Choose between 1 and 50 characters, as well as options for adding uppercase and lowercase letters, numbers, and special characters. Then generate your password, copy it, and use it.

Create a passphrase

While a random password generator typically includes all the elements you’d want in a strong password, it’s likely difficult to remember the passwords you generated. In this case, you might consider creating a passphrase instead.

Passphrases are often randomly chosen words that are put together to form your password. They might not include numbers or special characters. Since they’re actual words, they could be easier for you to remember. And they often contain plenty of characters to make them harder to crack.

Use a Passphrase is a popular random passphrase generator that’s free for anyone to use.

It offers options for four-word, five-word, and 12-word passphrases, including spaces. If you choose a four-word passphrase, you might end up with something like, “preppy exceeding stucco other.” According to the site, this passphrase would take 4,526,363,277 centuries to crack.

Think of a random sentence

This strategy, sometimes called the “Bruce Schneier method,’ takes a memorable sentence and turns it into a password. For example, “An apple a day keeps the doctor away” could become “aAADktDA” by only keeping the first letter from each word in the sentence and then randomizing the uppercase and lowercase letters.

But for further randomization, you’d also want to introduce numbers and special characters. Depending on how you think about it, you might end up with another iteration, such as “A@plADkpsTH3dA.”

Good password ideas

Using the Avast Random Password Generator and Use a Passphrase sites mentioned above, see how to come up with good password ideas.

Here are three password examples, including their password strength, using the Avast Random Password Generator:

• Weak: Co@du1
• Strong: 1s;YB}Xqfs
• Very strong: ~p%O^{Y+apP=ehei

It’s important to note that these passwords were generated using almost all the same added filters, including adding uppercase letters, numbers, and special characters. The only difference between them is the password length, which ranges from 6 to 16 random characters.

According to Avast, the password length is a key element in determining how strong your password is — likely more than the other elements combined. This reinforces the point that the best password is typically long.

This is also likely why the Use a Passphrase website is still recommended as a viable resource for generating strong passwords. It doesn’t use any numbers or special characters, and it avoids switching between uppercase and lowercase letters. It does, however, use spaces between words and generates long passwords.

Here are a few examples of passwords generated from Use a Passphrase:

• carded kilowatt theft blustery
• recreate marlin unvaried serving travel
• varsity diminish fraction drone sappy cable surcharge ideology monstrous fantasize bloating supreme

The sheer number of characters and the general randomness of the words contribute to a strong password. But since these are actual words and not a bunch of random gibberish, you might have an easier time remembering them.

The most commonly used passwords

Remember to completely avoid anything to do with passwords that are most commonly used and easily hacked. This includes using the exact password or any iteration of it.

According to extensive research by CyberNews, here are the 10 most common passwords in 2022:

1. 123456
2. 123456789
3. qwerty
4. password
5. 12345
6. qwerty123
7. 1q2w3e
8. 12345678
9. 111111
10. 1234567890

Other ways to keep your online information safe

Learning how to create a strong password is helpful, but it’s not the only way to stay safe virtually. Here are a few additional ways to help keep your online information safe:

Use a password manager

A password manager typically offers ways to generate strong passwords and securely store your passwords. This way, you don’t have to try and remember a few dozen passwords at once or reuse old passwords. Here are some recommendations for password managers and services that include password managers to protect your personal information:

• NordPass: NordPass comes from the trusted Nord name, so your login information and other details will be well-protected. Its end-to-end encryption is available on the free version and on the paid product, so it can suit any budget.  

  Get NordPass | Read Our NordPass Review

  

  4.8

  AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

  Editorial Rating

  Learn More

  On NordPass's website

  NordPass

  50% off + 3 months free

  • Strong encryption and security
  • User-friendly interface
  • Free version is limited to one device at a time

• Bitdefender: Along with offering reliable antivirus protection, Bitdefender also offers a password manager with its security suites. Its password manager provides password strength advice, autofill, and automatic password leak alerts.

  Get Bitdefender | Read Our Bitdefender Review

• Aura: Aura is an identity theft protection service that also comes with a suite of cybersecurity features, including a password manager, to keep you safe online. Aura also uses AI to block spam calls and texts, monitors data breaches for your info, and includes a virtual private network (VPN).

  Get Aura | Read Our Aura Review

Keep in mind that a password manager is only as secure as the master password you use to access it.

Featured password managers

Best for	Best overall password manager	Simple password management	High-end security
Starting price	Starts at $1.49/mo for first 2 yrs	Starts at $0.99/mo	Starts at $2.92/mo (billed annually)
Compatibility	Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Opera	Windows, macOS, Linux, iOS, Android, Chromebook, Chrome, Firefox, Edge	Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Brave, Opera
Learn more	Get NordPass	Get Roboform	Get Keeper

Set up multi-factor authentication

In most cases, if your password is cracked, your account will be breached. But with multi-factor authentication or two-factor authentication, you typically need to enter the correct password and then satisfy another requirement before accessing an account. This could include receiving a pin number or code to your phone or email.

Consider authenticator apps

This strategy uses multi-factor authentication but in a specific way. Rather than receiving a text message or an email with a code, you check your linked authenticator app. So the process of accessing a certain account would include entering your password and then getting a code from an authenticator app such as Google Authenticator or Microsoft Authenticator.

Opt for biometrics

Certain devices, including compatible iOS and Android devices, offer the use of biometrics for accessing different accounts. This could include using a fingerprint or facial recognition rather than entering a password. You typically still need to enter your login credentials when logging into your account for the first time, but further attempts could use your biometric information instead. Using unique biometrics could make it easier for you to access your accounts, but potentially throw off hackers.

Avoid suspicious links and communication

Phishing is a cybercrime associated with cybercriminals posing as legitimate people or institutions with the end goal of gaining access to your personal information. You might see common phishing attempts and scams associated with email spam, messages on social media, and more. It’s always in your best interest to avoid clicking on any suspicious links or giving information to anyone you don’t know. Consider anything that might look out of the ordinary to avoid falling for a phishing attempt. This could include looking closely at email addresses, names of people, how messages are worded, strange attachments, and more.

FAQs

Bottom line

Learning how to create a strong password could be the difference between keeping your information safe and private or being hacked. When creating a secure password, remember to use long character counts, avoid common words and phrases, and remove all personal information. Using both uppercase and lowercase letters, numbers, and special characters is also recommended.

Staying safe while using the internet and different online services involves multiple layers of security, including using strong passwords. But this is only one step toward staying secure online. You should also consider the best identity theft protection to protect your personal information and your peace of mind.

4.9

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On Aura Identity Theft's website

Aura Identity Theft

Up to 68% off Family Annual Plans

• Excellent identity theft protection service
• Includes a password manager and VPN
• Robust tools for children’s security
• Provides VantageScore and not FICO score updates

Author Details

Ben Walker

About the Author

Ben Walker is a writer at All About Cookies with a passion for all things internet and technology, whether it's using VPNs while away from home or organizing his life with password managers.