How to Create a Secure Password: The Ultimate Guide

A bouncer and a lock with a password next to a computer screen with accounts on it
Click here to read a summary of this article!
Summary: How to Create a Secure Password

Passwords form an important line of defense against any possible online attacks. However, users often fail to set strong passwords. As a result, they make themselves more vulnerable to cybercriminals.

Here are a few actionable tips you can implement to create stronger passwords:

  1. Use online databases, such as Have I Been Pwned, to check for compromised passwords and change any included passwords.
  2. Make sure your passwords are 12-14 characters in length (or longer).
  3. Include symbols, letters, and numbers in your passwords.
  4. Don’t reuse passwords across different accounts.
  5. Change the password regularly, ideally every two months or so.

Having difficulty creating and remembering strong passwords? A password manager does all the work for you, making the entire process much easier. If you’re looking for a good option, you might want to check out 1Password.

Visit 1Password

You can also enable two-factor authentication to add an extra layer of security to the login process.

Learn more about creating secure passwords by reading our entire article below!

Passwords are an unavoidable part of our digital lives. They protect everything from our social media accounts to our online banking details. But how secure is your password? Is it effective at keeping you and your valuable details safe from cybercriminals?

In this article, we teach you how to make a strong password. We also familiarize you with the different ways in which hackers can steal or crack your passwords.


Why Do I Need a Secure Password?

Why do you need a secure password icon

Protecting your account with an average password isn’t enough to keep that account safe. Most eight-character passwords can be cracked in less than six hours with the proper hardware setup. That’s right: even supposedly secure passwords with numbers, letters, and symbols can be cracked in just an afternoon.

Additionally, countless people use the same password for all their accounts. This means that a hacker could gain access to a user’s different online accounts by cracking just one password.

This isn’t just theoretical, either. Users’ passwords are compromised on the regular. This might happen through phishing using fake PDF documents or through a fake update to a password management app.

A leaked or cracked password gives hackers access to your account as well as any account with the same login details. What if the password you use for Pinterest also happens to be your email login? What might a malicious party do with access to your online communication with your friends, your job, and perhaps even your bank?

Given the number of threats out there, choosing a strong password is incredibly important. A weak password exposes you to possible financial, reputational, and social consequences. Luckily, these consequences can be avoided by taking the basic steps to enhance password security.


How to Create a Strong Password: Tips

A basic rule of thumb for password security is that passwords are like your underpants. You should change them regularly, you shouldn’t be sharing them, and you shouldn’t be leaving them around for the general public to see. Some other rules or principles to create secure passwords are listed below.

5 tips to create strong and safe passwords, with symbols

1. Check for compromised passwords

There’s a good chance that anyone reading this article is using a password that’s been compromised in a data breach or leak. Don’t believe us? You can check your accounts using the website Have I Been Pwned. This is a website that tracks email ids to see if they’ve appeared in any data breaches or leaks on the dark web.

If your password has been included in a data leak, the related account and website will show up. Make it your priority to change these passwords as soon as possible. Use the tips listed below to create new strong passwords that will help prevent any further damage.

2. Make your passwords longer

Brute force attacks are a common method of cracking passwords. These attacks constantly and rapidly guess different password combinations to arrive at the right one. Most brute force attacks rely on you having a short and therefore weak password that would not take automated software a significant amount of time to crack.

In other words, the longer your password, the less likely it is that a brute-force attack will be successful. Most hackers won’t spend considerable time guessing one password. They are looking for low-hanging fruit and will likely move on if your password is taking too long to guess.

A strong password should have at least eight characters. Ideally, it should have closer to 12-14 characters. Aside from length, there is another factor that’s important here as well: complexity.

3. Make your passwords complex

The more complex your password is, the less likely it is that any automated system will correctly guess it in a short time. When creating a secure password, sprinkle it liberally with upper case letters, lower case letters, numbers, and symbols.

Try to make those additions as random as possible. Simply adding an exclamation mark at the end of your password is a common technique that hackers will be aware of.

You might wonder exactly how much of a difference these changes can make. Well, a lot. Check out the table below to see how long it might take a brute force tool to figure out your password. The research for this table was done by Hive Systems, a company that focuses on cybersecurity for businesses. This table is also an excellent aid to find the perfect mixture of length and complexity for your strong password:

Number of charactersNumbersLowercase lettersUpper and Lowercase lettersNumbers, Upper and Lowercase LettersNumbers, Upper and Lowercase letters, Symbols
4InstantlyInstantlyInstantlyInstantlyInstantly
5InstantlyInstantlyInstantlyInstantlyInstantly
6InstantlyInstantlyInstantlyInstantlyInstantly
7InstantlyInstantly2 seconds7 seconds31 seconds
8InstantlyInstantly2 minutes7 minutes39 minutes
9Instantly10 seconds1 hour7 hours2 days
10Instantly4 minutes3 days3 weeks5 months
11Instantly2 hours5 months3 years34 years
122 seconds2 days24 years200 years3000 years
1319 seconds2 months1000 years12000 years202000 years
143 minutes4 years64000 years750000 years16 million years
1532 minutes100 years3 million years46 million years1 billion years
165 hours3000 years173 million years3 billion years92 billion years
172 days69000 years9 billion years179 billion years7 trillion years
183 weeks2 million years467 billion years11 trillion years438 trillion years

4. Don’t reuse passwords

Having the same password for all your accounts is like having the same key for your house, all the rooms, and the locked safe in your basement. It makes no sense, right? Even so, countless people are guilty of reusing passwords. After all, if you only have one password, it’ll be much easier to remember. This is a dangerous practice and makes it much easier for a hacker to profit by compromising your password.

Adding different prefixes or suffixes to the same root word can be just as dangerous. If the difference between the login for your bank account and your leaked Neopets password is one exclamation mark, that won’t stop a hacker from breaking into your financials.

If you want a secure password, you should use unique passwords for each different account. Make sure these passwords aren’t related to you personally. While your date of birth might appear to be a string of random numbers, it isn’t. It might even be the first thing a hacker will try.

5. Change your passwords regularly

There is a good chance that your login details will be revealed online at some point. Data breaches happen quite often, on all kinds of platforms. The best way to ensure that your accounts remain secure is to change your passwords on a regular basis. Microsoft recommends that all your account passwords be changed every 72 days.


How to Create a Secure Password: Tools

Let’s face it. It’s not easy to create long, complex, and unique secure passwords. They can be hard to come up with and even harder to remember. Thankfully, there are some tools you can use to make creating strong passwords easier.

3 tools to help create strong passwords, with symbols

1. Use Diceware for passphrases

A randomly generated string of words, numbers, and symbols makes for a very strong password, but can be impossible to remember. A  random selection of words, on the other hand, is easier for the human brain to remember and is just as secure.

Diceware refers to a method of creating passwords that uses dice as a hardware random number or name generator. The virtual six-sided die is rolled five times to come up with a string of numbers. These five-digit strings correspond to different words in various cryptographic dictionaries. For example, the string 43146 corresponds to the word “munch” in the dictionary published by the Electronic Frontier Foundation.

With Diceware, users can put together four or five such different words to create a sufficiently long and complex password. A randomly generated diceware passphrase might look something like this:

gustybarracksupremeattractorunfunded

If you struggle to remember your randomly generated passphrases, you can use a well-known phrase, quote, or song lyric and then replace one or more of the words. This way, you might end up with something like “Showmethepassivism” or “sayhellotomyoutboardoverlay.”

Non-random passphrases aren’t as secure as randomly generated ones, but even the best password isn’t of much use if you just cannot remember it. For more information on Diceware, paper tables, and a random passphrase generator, head over to Diceware.org.

2. Install a password manager

Password notebook with a padlock on the front cover, representing password managerPassword managers create a heavily encrypted master database of all your passwords. This allows you to access them on your computer or carry them around with you on a flash drive. The database is accessed with a single “master password.” You only need to remember this one master password in order to get access to all your other passwords.

Password managers often feature their own strong password generators that generate and save new random secure passwords for your online accounts. They can search online databases to see if any of their passwords have been leaked or are being reused. Overall, they take away a lot of the hassle of creating and recording strong passwords.

The presence of one master password comes with some downsides, however. For one, all your passwords are stored in a single location or database. If your master password was to be compromised in a hack, all your information would be at risk.

This is why your master password should also be long, complex, and unique so that it cannot be cracked using automated systems. On top of that, you should always pick a password manager that securely stores your passwords with military-grade encryption.

We recommend 1Password, as it’s known for its user-friendliness and strong online security. It even comes with data breach notifications and secure storage. You can read more about this password manager in our full 1Password review. Would you rather check out the service itself? Click the button below.

Visit 1Password

3. Activate two-factor authentication

At the end of the day, even the strongest most secure password may get compromised. It can appear in a leak or be obtained through a phishing scam. Hence, relying solely on a password for digital security is not the best idea. Instead, you should pair a strong password with two 0r multi-factor authentication.

2FA, as two-factor authentication is known, creates two layers of checks before logging in you in. The first security layer is usually your password. The second can be a secret code sent to your phone number or a code generated by an app, such as Authy.

We suggest that you use a code-generating app as your second layer of protection. Codes sent to your phone over text could be intercepted and read by a determined hacker.


How Does a Password Get Hacked?

While most of us are not at risk of facing sophisticated cyberattacks or hacking attempts, there are several low-cost hacking methods we are susceptible to. These methods primarily target users that use short and simple passwords.

Let’s take a look at some of the more common password cracking techniques and how you can protect yourself against them.

4 ways in which passwords get hacked, with symbols

Data breaches

Passwords are often leaked through data breaches. This is the result of a hacker or hacking group breaching an organization’s security and accessing the login credentials of its customers.

The buying and selling of passwords through the dark web is a pretty lucrative business for cybercriminals. In 2016, for example, the details of 117 million LinkedIn users were put up for sale by hackers. Similar breaches leaked the details of the users of Twitter, Facebook, and Sony.

There isn’t much you can do to stop a website you use from getting hacked. You can, however, take steps to minimize the fallout. Generally, you’ll be informed pretty quickly about the security breach and will be able to change your password for that one site.

If you’ve done the sensible thing and created unique passwords for all your accounts, then the problem is solved. However, if you’ve reused passwords, then you’ll now be tasked with changing passwords for all other accounts that used the same one.

Brute force attacks

A brute force attack uses significant computing power to generate random word, letter, and symbol combinations. It keeps entering these combinations in the password field until it arrives at the right combination.

Of course, there are various levels of sophistication when it comes to brute-force attacks. There are rigs out there that are very effective, like the one that cracked eight-character passwords in six hours. However, it’s more likely that hackers are just using a standard desktop with automated software to target people who use simple passwords like “god” or “1234.”

The best way to protect yourself against a brute force attack is to make sure you have a strong password that’s lengthy, complex, and unique.

Dictionary attacks

A dictionary attack is very similar to a brute force attack, except that it uses words in common usage as its guesses instead of a random combination of symbols. The “dictionary” being used by the software can range in complexity from a standard English dictionary to one that includes film quotes, lists of commonly used passwords, or even personal information gathered about you from your social media accounts.

Dictionary attacks tend to be more effective than brute forcing a password for the simple reason that humans like patterns. We tend to make our passwords personalized so they will be easy to remember. A random selection of words, numbers, and symbols will make it almost impossible for a dictionary attack to guess your password correctly.

Phishing

Rather than trying to guess your login credentials, cybercriminals might use social manipulation to trick you into giving up your password freely. This is called “phishing.” While you might already be aware of the clumsy “Nigerian Prince” email scams, phishing messages have become a lot more advanced and can be virtually indistinguishable from the real thing.

Phishing generally involves hackers pretending to be a service provider, like a bank or credit card company. They might inform you that something is “off” with your account. To fix it, you’ll have to give out security information or click a link provided by them. If you do so, however, the hacker will have access to your account.

The best way to protect yourself from phishing scams is to be vigilant and skeptical. Ignore and delete any email that asks you to follow a link and then log in. Similarly, don’t give out sensitive information over the phone. On top of that, it’s important to always reach out to a company via its official website and contact details. For more tips, you can consult our full guide to phishing protection.


Additional Security Tips

Passwords are an important aspect of our cybersecurity. However, effective cyber defense extends well beyond just creating secure passwords. It includes protecting your online identity and removing possible threats from your device. Here are some additional security tips to keep yourself safe online:

  1. Use a VPN. A VPN encrypts your internet activity and changes your IP address. This helps avoid prying eyes online, including those of cybercriminals, governments, and your Internet Service Provider. NordVPN achieved the highest score in recent VPN rankings, thanks to its excellent speeds and vast server network.
  2. Install an antivirus. Your password can be stolen using malware. An antivirus program helps detect and remove such malware, reducing the possibility of a password breach. Additionally, antivirus providers, such as Norton 360, also offer dark web monitoring services that check online databases for compromised passwords.
  3. Be mindful of your personal information. The more information a hacker has about you, the easier it is to crack your password. They can combine your name, birthdate, address, and other personal details to guess your login details. Hence, it’s important to be careful about the personal data you put on the internet and share with companies. Learning to browse anonymously can help you keep your personal information off the internet.

Final Thoughts: The Importance of Secure Passwords

Most people do not take the necessary steps to keep their passwords secure. Despite the growing threat of cybercrime, people continue to use short, generic, weak passwords that are easy to guess for automated software.

To keep your online accounts secure, you should use passwords that are long, complex, and random. Make sure to never reuse passwords across different accounts, and update your passwords regularly.

If you have trouble thinking up and remembering passwords, you can use a secure password generator or a good password manager. A password manager like 1Password will store all your passwords and create a unique and strong password for each account, so you can easily and securely log in with just one click. Aside from that, it’s also advisable to turn on two-factor authentication.

Once you’ve made sure all your passwords are secure, you might wonder what other steps you can take to improve your online safety. Here are some articles to help you get started:

How to Create a Secure Password: Frequently Asked Questions

Some of the most frequently asked questions about creating a secure password have been answered below. Be sure to let us know in the comments section if you have any other questions you’d like us to answer.

The safest passwords are unique, long, and complex. Ideally, they should be a compilation of random letters, numbers, and symbols. However, such secure passwords can be hard to create. Our guide on creating secure passwords provides you with actionable tips that’ll help improve password safety.

In the digital world, a lot of personal and confidential information is guarded by passwords. They also secure our bank accounts and payments app. Given this, hackers are always trying to exploit passwords and make some money. This is why password safety is so important.

Here are some easy steps you can adopt to boost your password safety:

  1. Create long passwords that have more than 12 characters.
  2. Make them random by including numbers, letters, and symbols.
  3. Use different passwords for different accounts, without reusing the same password.
  4. Regularly check if your existing passwords have been compromised.
  5. Frequently change your password.

Want to know more about creating secure passwords? Our comprehensive guide covers important rules and tools you can use to create strong passwords.

Tech journalist
Mohit is a legal and public policy researcher whose work focuses largely on technology regulation. At VPNOverview, he writes about cybersecurity, cryptocurrencies and sports events.