5 tips for creating strong and secure passwords
Passwords like your name, your birthday, or “12345” are too simple to provide any real security for your accounts. Try these five proven tips to create strong passwords that are harder for threat actors to guess.
1. Avoid short passwords
The longer your password, the better. Long passwords are much more difficult for hackers to crack because they have to try more combinations of numbers, letters, and symbols to get it right. While many sites require a minimum of 8-10 characters, aiming for 16 characters or more provides significantly stronger protection. Because short passwords are risky, many websites now implement a minimum character requirement, forcing you to create a password that’s longer and more complex.
2. Make passwords complex
Using different types of characters in your password makes it more difficult for hackers to crack. Instead of using all lowercase letters, mix upper- and lowercase letters with numbers and symbols. This approach is effective because it makes your passwords much more difficult to guess or crack through brute-force attacks.
Some websites and software programs now allow emojis in passwords. This is a great way to make your passwords more complex because you can choose from thousands of emojis. If your accounts don’t allow emojis, you could also include emoticons in your passwords as an easy way to include multiple symbols. For example, including “>:(” at the end of your password adds three symbols that are easy to remember, but they’re still difficult for hackers to crack in combination with other characters.
3. Use passphrases (the Diceware method)
Instead of making your password just one word, try creating a passphrase of five to seven random words strung together. This is sometimes called the Diceware method, and many websites use the Diceware algorithm to choose random words based on virtual dice rolls.
This method works because a combination of several random words is relatively easy to remember, but very difficult for hackers to crack. Passphrases also use more characters than a traditional password, adding an extra level of security.
A combination like “right zebra fashion ultramarine football work” is extremely difficult to guess because of its length and randomness. To make sure your passphrases are truly random, use an online Diceware generator rather than picking words manually out of a dictionary. Passphrases also need to include numbers and symbols in addition to letters.
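The dice-roll selection described above can be reproduced locally. This is an added example, not code from the article or from any Diceware site: the function names are hypothetical, and `SAMPLE_WORDS` is a constructed 36-word stand-in (two rolls per word) for a real 7,776-word list (five rolls per word).

```python
import math
import secrets

# Constructed 36-word stand-in list: 6**2 entries, so 2 dice rolls pick a word.
# A real Diceware list has 6**5 = 7776 entries and needs 5 rolls per word.
SAMPLE_WORDS = (
    "amber bison cedar delta ember fjord glyph heron ivory joker kayak lemon "
    "mango nylon otter pixel quilt raven sable tiger umbra vivid waltz xenon "
    "yacht zebra acorn blaze comet dwarf eagle flint grove haste igloo jelly"
).split()

def rolls_per_word(wordlist):
    """Return k where len(wordlist) == 6**k; reject lists that break the scheme."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates")
    k, size = 0, 1
    while size < len(wordlist):
        size, k = size * 6, k + 1
    if size != len(wordlist) or k == 0:
        raise ValueError("word list length must be a power of 6")
    return k

def word_for_rolls(rolls, wordlist):
    """Map dice rolls such as (3, 5) to a word; each roll is one base-6 digit."""
    if len(rolls) != rolls_per_word(wordlist) or not all(1 <= r <= 6 for r in rolls):
        raise ValueError("wrong number of rolls or roll outside 1-6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return wordlist[index]

def generate_passphrase(n_words=6, wordlist=SAMPLE_WORDS, sep=" "):
    """Pick n_words independently, rolling a virtual die with the OS CSPRNG."""
    k = rolls_per_word(wordlist)
    words = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(k)]
        words.append(word_for_rolls(rolls, wordlist))
    return sep.join(words)

def entropy_bits(n_words, list_size):
    """Bits of entropy when every word is drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    print(generate_passphrase())
    print(f"6 words from a 7776-word list: {entropy_bits(6, 7776):.1f} bits")
```

The strength comes from the uniform random draw, so the entropy figure only holds when the words are rolled rather than chosen by hand.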
4. Create mnemonics
Many people don’t want to create strong passwords because they are long and difficult to remember. To make them easier to recall, try using a mnemonic, or a memory aid, such as a sentence or phrase that helps you remember a complex password.
You can even make the password relevant to the website or service you’re using it for. For example, once you sign up for NordVPN, you could create a sentence like “I like to use NordVPN to protect my money” and use it as a mnemonic for the password “Il2uNV2pm$$$.” It includes all four types of characters and is complex, moderately long, and easy to remember.
5. Use a password generator
If you struggle to come up with strong passwords on your own, try a password generator. Password generators automatically create long and complex passwords that are difficult for hackers to crack. They’ll also securely store the passwords for you, so you don’t have to remember them.
NordPass is a password generator for both individuals and businesses. With NordPass, you can create and store passwords that fit account requirements, and end-to-end encryption will protect them from exposure.
What should you not include in your passwords?
When creating your passwords, avoid using certain words and character combinations. These combinations are too easy for hackers to guess, especially if they also have access to your social media profiles or any other information about your life:
- Your username or email address. Many people will repeat the username or email address they use to log into accounts as their password. However, this is one of the first password options hackers will guess.
- Your own name or the names of your loved ones. Avoid using your own name or the names of your family members, friends, and pets because these are easy for cybercriminals to look up.
- Personal information about you or your loved ones. Stay away from information like your birthday, phone number, address, or license plate number because determined cybercriminals can look up this information. In addition, if your passwords are exposed in a data breach, the breach will also reveal these personal details.
- Sequential characters. Avoid common combinations of letters, numbers, and symbols, such as “12345,” “qwerty,” or “abcdef.”
- Obvious character substitutions. Avoid substituting letters with numbers and symbols that are easy to guess. For example, many people substitute “o” with “0” or “a” with “@,” so hackers will try these combinations first.
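A signup form or a personal script can enforce the list above automatically. The following is an added example, not part of the original article: the function names, the rule labels, and the sample user are constructed, and the substitution table beyond “0” and “@” is an assumption.

```python
import re

# Substitutions the article calls obvious ("0" for "o", "@" for "a"); the other
# pairs are assumptions added for this example.
LEET = str.maketrans({"0": "o", "@": "a", "1": "l", "3": "e", "$": "s"})
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def personal_tokens(username, email, names=(), facts=()):
    """Collect lower-cased strings that must not appear in the password."""
    tokens = set()
    for item in (username, email.split("@")[0], *names, *facts):
        parts = re.split(r"[^a-z0-9]+", item.lower())
        parts.append("".join(parts))          # "1990-04-17" -> "19900417"
        tokens.update(p for p in parts if len(p) >= 3)
    return tokens

def has_sequence(text, run=4):
    """True for `run` characters that step by one (1234, dcba) or sit side by
    side on a keyboard row (qwer, lkjh)."""
    text = text.lower()
    for i in range(len(text) - run + 1):
        chunk = text[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False

def check_password(password, tokens):
    """Return the rules from the list above that the password breaks."""
    plain = password.lower()
    findings = []
    if any(t in plain for t in tokens):
        findings.append("personal-info")
    elif any(t in plain.translate(LEET) for t in tokens):
        findings.append("obvious-substitution")   # e.g. "d@n@" hides "dana"
    if has_sequence(plain):
        findings.append("sequential")
    return findings

if __name__ == "__main__":
    # Constructed sample user, not real data.
    user = personal_tokens("dreyes88", "dana.reyes@example.test",
                           names=["Dana Reyes", "Biscuit"], facts=["1990-04-17"])
    for candidate in ("Biscuit!2024", "D@n@_rules", "xqwerty77!", "2N03!%Q7h1w-3Yt^"):
        print(candidate, check_password(candidate, user))
```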
Strong password examples
Not sure what a strong password looks like in real life? The following examples illustrate strong, truly random passwords to help you get started:
- 2N03!%Q7h1w-3Yt^
- s->5bIHg6U#iQ,1
- <(d0^81a=.L~X4MX
Don’t use these exact passwords when creating your login details. Instead, use the practices discussed in this article to create a strong password that’s unique to you.
How to remember strong passwords
Since strong passwords are complex, they are sometimes difficult to remember off the top of your head.
The easiest way to solve this problem is by using a password manager tool like NordPass. Password managers generate complex, secure passwords for you, so you don’t need to come up with them yourself. When you log into your accounts, NordPass autofills the password and syncs it across devices, which lets you log in on both desktop and mobile without having to remember complex passwords.
If you really want to memorize your complex password, use a phrase rather than a random string of letters and numbers. Opting for words that rhyme can make passphrases catchier. If you choose this strategy, make sure your password is long and includes a variety of characters. Avoid phrases that hackers could easily guess.
How to secure your strong passwords
Now that you know how to make strong passwords, you’ll need to take steps to protect them from cybercriminals. Try these tips to keep your passwords safe:
- Do not reuse passwords. Create a unique password for each new account you make instead of reusing your saved passwords. This way, if one of your passwords is exposed in a data breach, it only affects that account, rather than affecting all of your online accounts.
- Change your passwords at least once every six months. Since passwords have a fixed length, a brute-force attack will eventually succeed with enough time and processing power. Changing your password every six months helps prevent this, so set regular calendar alerts.
- Do not share your password with anyone. Your password should be kept completely private. You might trust your family, friends, and employer, but they could still accidentally expose your password. It’s particularly important not to write out passwords in an email or text message that cybercriminals could hack.
- Change compromised passwords immediately. If you think your password might have been exposed, change it right away. Even if it’s just a hunch, don’t wait for confirmation of a data breach to take action. Every minute counts, so it’s better to be safe than sorry.
- Be cautious with browser extensions for password management. Many popular web browsers include extensions to help you keep track of your passwords. While these can be very helpful, you should only use them once you’ve set a strong master password. Otherwise, anyone who accesses your device can see your passwords in plain text.
- Don’t type your password into someone else’s device. This action could accidentally expose your accounts to other cyber threats. Instead, wait until you can access your own device to log into your secure finance and business accounts.
Why is it important to use strong passwords?
Many online accounts contain sensitive personal information, such as your name, address, birthday, and financial information. Your password serves as the first line of defense between cybercriminals and this sensitive information. If your password isn’t strong enough, hackers will have no problem accessing this sensitive information, which could lead to costly identity theft.
Hackers have a variety of tactics at their disposal to crack passwords. The most common tactic is a brute-force attack, which uses an automated algorithm to try different character combinations until it finds the correct password. Some hackers will also use keyloggers, which are a form of malware that tracks your keystrokes.