You may have heard that complexity is a key aspect of a secure password — where you use a mixture of uppercase and lowercase letters along with numbers and symbols — but length is more important than complexity. It’s much easier for a hacker to crack a shorter, complex password than a longer one made purely of lowercase letters.
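The length-versus-complexity claim can be checked with arithmetic. This is an added example, not part of the original article; the guessing rate is an assumed figure, and the results apply only to passwords whose characters are chosen at random.

```python
import math

# Assumption: an offline attacker testing 100 billion guesses per second
# against a fast, unsalted hash. Illustrative figure, not from the article.
ASSUMED_GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet sizes for uniformly random passwords.
LOWERCASE = 26
PRINTABLE_ASCII = 94  # 26 upper + 26 lower + 10 digits + 32 symbols


def entropy_bits(length, alphabet_size):
    """Bits of entropy when every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every candidate; the expected crack time is half."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def compare(candidates):
    """Return (label, bits, years) rows sorted from weakest to strongest."""
    rows = []
    for label, length, alphabet_size in candidates:
        bits = entropy_bits(length, alphabet_size)
        rows.append((label, bits, years_to_exhaust(bits)))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    table = compare([
        ("8 chars, upper/lower/digits/symbols", 8, PRINTABLE_ASCII),
        ("15 chars, lowercase only", 15, LOWERCASE),
        ("20 chars, lowercase only", 20, LOWERCASE),
    ])
    for label, bits, years in table:
        print(f"{label:38s} {bits:6.1f} bits  {years:.3g} years to exhaust")
```

A password a person invents has far less entropy than these figures suggest, because attackers try dictionary words, names and common patterns first.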
How to create strong passwords with a password manager
Many of the best password managers will automatically generate new passwords for you. Since your password manager securely stores all your passwords and other login credentials, you can let it create unique passwords that are as long and complex as you like. The longer they are, the harder they’ll be to crack.
Here’s how to make a good password with Bitwarden, a free password manager. The process should be similar with whichever password manager you choose.
Click the Bitwarden extension icon in your browser to open the menu, then click Generator. (If you don’t have the extension installed, download it from the link above.)
Adjust the settings to fit your needs, and your password manager will automatically create a strong password for you.
Here’s a quick list of some good password ideas as generated by Bitwarden, with the configurations shown above:
The ability to create strong passwords and store them securely is the primary reason why you should use a password manager. If you do, you’ll only need to remember one password: the master password you use to log into your password manager.
But looking at the strong password examples above, how can you make a strong password that’s also easy to remember? The answer is to use a passphrase — a string of words that’s much easier to remember than the passwords shown above.
What is a passphrase?
A passphrase is a string of unrelated words that you use as a password. Because they’re made of words, passphrases are often easier to remember than conventional passwords. It’s the sheer length of a good passphrase, as well as the randomness of the words in it, that makes it so secure.
We’re not alone in loving passphrases — in an article from May 2021, the FBI stressed the importance of using “passphrases that combine multiple words and are longer than 15 characters.”
The image below is a great starting point for coming up with your own passphrases. SunnyBroomAirplaneHorseGraduation would be nearly impossible for anyone to guess, and even harder for a hacker to crack.
The best passphrases are composed of completely random words.
How to create good passphrases
The key to a good passphrase is randomness — the words you use to create a passphrase should not have an obvious connection between them. A good passphrase example is overripe-trekker-angular-envision-letter, while a passphrase like apple-pear-banana-orange would be much easier to crack.
You can separate the words with hyphens, spaces, periods, or numbers, or by capitalizing the first letter of each word. All of these choices, and more, are valid for creating a strong passphrase.
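The randomness requirement described above, as an added example that is not part of the original article: words are drawn with a cryptographically secure generator, and the entropy estimate shows why a themed phrase such as apple-pear-banana-orange is weaker. The word list is a constructed sample, and the list size of 7,776 (the EFF long list) and the 50-word "fruit" pool are assumptions.

```python
import math
import secrets

# Constructed sample list, kept tiny so the example is self-contained.
# Assumption: a real generator draws from thousands of words.
SAMPLE_WORDS = [
    "overripe", "trekker", "angular", "envision", "letter", "rickety",
    "output", "oxidant", "deem", "spotless", "unguarded", "superglue",
    "evacuee", "paddling", "gloomy", "shuffling",
]
EFF_LONG_LIST_SIZE = 7776   # assumed size of a production word list
ASSUMED_THEME_POOL = 50     # assumed number of common fruit names


def generate_passphrase(wordlist, num_words=5, separator="-"):
    """Pick each word independently using the OS CSPRNG (not `random`)."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would skew the selection")
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))


def passphrase_bits(num_words, pool_size):
    """Entropy when each word is drawn uniformly from pool_size words."""
    return num_words * math.log2(pool_size)


if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS))
    print(f"5 random words from {EFF_LONG_LIST_SIZE}: "
          f"{passphrase_bits(5, EFF_LONG_LIST_SIZE):.1f} bits")
    # If the attacker guesses the theme, only the themed pool counts.
    print(f"4 fruit names from ~{ASSUMED_THEME_POOL}: "
          f"{passphrase_bits(4, ASSUMED_THEME_POOL):.1f} bits")
    # The 16-word sample list is far too small for real use.
    print(f"5 words from this sample list: "
          f"{passphrase_bits(5, len(SAMPLE_WORDS)):.1f} bits")
```

The separator and capitalization add almost nothing to the estimate; the number of words and the size of the list they are drawn from do the work.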
Create good passphrases with a password manager
Many password managers can be configured to create good passphrases that meet the criteria of the best passwords. Let’s take a look at how to create passphrases with a password manager.
Open your password manager’s browser extension and find the password generation feature. (Here, we’re once again using the Bitwarden password manager.)
Select the option for passphrase creation and configure the settings as needed.
Generate new passphrases until you get something you can remember, adjusting the settings if necessary.
Create good passphrases with a passphrase generator
If you don’t want to use a password manager, there are plenty of websites that will generate good passphrase ideas for you. Use a Passphrase is a passphrase generator that also tells you approximately how long it’d take a hacker to crack your shiny new passphrase.
Even the most dangerous hackers of today will struggle with a password that’s projected to take hundreds of trillions of centuries to crack. Just pick your desired passphrase configuration from the options, and you’re good to go.
Good passphrase examples & passphrase ideas
Good passphrases are easy for you to remember and hard for hackers to guess. And since they’re so long, they’re very difficult for hackers to crack via brute-force attacks.
Here are a few good passphrase ideas created with Bitwarden:
Rickety Output Oxidant Deem Spotless
unguarded3 superglue evacuee paddling gloomy shuffling
The length of these passphrases, plus their randomness, qualifies them as strong password examples.
How to remember a passphrase
The best way to remember your passphrase is to create a story that ties all the words together. This story can be as simple or as complex as you like — so long as you can remember it, then it’s done its job.
Let’s consider the first passphrase in the previous section:
The story here might be that, while playing my video game console, I noticed the shrubbery outside was causing bronchial distress for the various squatters living nearby. If I need to remember my passphrase, I can just look at my video game console, and the rest of the story will fall into place.
Since they’re so easy to remember, passphrases are great for password-protecting files and devices in addition to your online accounts.
Once you’ve created your new and highly secure passwords and passphrases, secure them against leaks and data breaches with AVG BreachGuard. You’ll be alerted immediately if any site you use suffers a data breach and leaks your login credentials into the wild. That way, you can change your passwords ASAP to keep hackers out of your accounts.
How to create a strong password: what not to do
Since the strongest passwords are long, hard to guess, and unique, most weak passwords are missing one of these crucial qualities. Many people leave themselves and their data wide open to hackers by using a simple word, repeating their passwords, or making other common password-creation mistakes.
Here’s what not to do when creating a new password:
Don’t repeat passwords. Using the same password across multiple accounts is convenient, but makes you very vulnerable to hacking. A hacker only needs to breach one of these accounts to get your login credentials for all the accounts using that password. Never use a password for more than one account.
Don’t use similar passwords. It’s not enough to change a password from teddybear1 to teddybear2. When creating new passwords or changing older ones, always use something completely new.
Don’t use personal info. If your passwords are based on personal info like your pet’s name, job, or hometown, this means that a hacker can easily figure it out based on your social media presence and other information available online. People who know you personally might even try to crack one of your accounts this way.
Don’t use a short password. The days of eight-character passwords are over — these are way too easy to crack with modern computing. Your password shouldn’t be any shorter than 15 to 20 characters. Longer is always better.
Don’t use common character substitutions. Swapping in a 3 for an E may have worked back in the 1980s and 1990s, but these days, it’s best to leave 1337speak where it belongs: in the past. P455w0r|) is just as easy for a hacker to crack as password.
Don’t store passwords in plaintext. Plaintext is unencrypted text — like the text in this article. It might seem easy to store your passwords in a note or spreadsheet, but if that file falls into the wrong hands, all your accounts are compromised. If you want to store your passwords, use a password manager that securely encrypts your data.
Protect your new passwords
Secure passwords are just one way to lock down your accounts. Keep your accounts and data even more secure by using two-factor authentication (2FA), and never reuse or share your passwords.
After creating new passwords, here’s how to protect them:
Activate 2FA. Two-factor authentication adds a layer of security on top of your password by requiring an additional element — the second factor — to complete the login process. This can be a code created by an authentication app like Google Authenticator, a fingerprint scan, or even a physical USB dongle.
Always activate 2FA to secure your email and any other accounts that support it. 2FA is essential to secure your data if a hacker gets your password via a data breach.
Never recycle passwords. When you use a password on multiple sites, it weakens that password for all those sites. As we’ve said throughout this piece — always keep your passwords unique.
Don’t share passwords. Sending someone a password via email or text puts that password at risk of being intercepted, especially if you’re using an unsecured public Wi-Fi network. It’s somewhat safer to use a secure messaging app, but it’s safest to use a password manager that allows for secure password sharing between users.
Store your passwords with a password manager. It’s impossible to remember a long and unique password for every single account. Any password manager worth using will keep track of all your logins for you and protect your passwords against leaks.
No matter how strong your password is, if someone gets it, they’ve got control of your account. Weak passwords and poor password-safety practices can both result in hackers accessing your data, which they can then sell on the dark web or use to commit identity theft.
Secure your strong passwords against data theft
While your new passwords are now strong and uncrackable, the websites you’re using them on may not be as secure. Websites are targeted by hackers for data breaches every day, compromising thousands of user accounts each time.
If any of your passwords are caught in a breach, AVG BreachGuard will alert you immediately and aid you in changing your passwords to secure your accounts. Protect your passwords against breaches with AVG BreachGuard.