A secure password is crucial in today’s online world. With so many important aspects of our lives, our work, and our finances happening online, it’s important to make sure all the information we share is secured. The best way we can do this is by using strong passwords.
The recommendations surrounding what makes a strong password have changed, however. And so have the methods used to crack them.
Unlike a “dictionary attack”, where the attacker runs a rapid series of common passwords, a “brute force” attack runs all possible combinations of characters. The rising popularity of brute force attacks has led to a shift in the importance of password strength factors. This changes everything from the recommended complexity to the length of your password.
Password strength tests can be found online, and are a useful tool in securely checking the strength of your existing passwords.
We examine some of the best – and worst – ways to create passwords, and explain how you can make strong passwords that won't be cracked.
In This Guide:
Password Examples – Good and Bad
If you're creating your own passwords, then the following examples will hopefully highlight what to avoid, while providing inspiration to create something secure.
It's important to be honest with yourself, here. We all slip into bad habits when it comes to online security. But, using variations of any of the bad passwords listed below is a recipe for danger.
Don't wait until something goes badly wrong. Update your passwords to stronger ones now, while your accounts are secure, and you won't regret it.
Bad Passwords
- Password1 – This is an obvious one, but it’s still one of the most common passwords used today!
- 12345678 – number sequences with an order or pattern to them will be cracked almost instantly by any rapid sequence attack.
- Banking01 – Don’t use descriptive passwords that are relevant to the application being used. Using patterns like this would compromise the security of all accounts if one password was figured out.
- 01/01/2000 – Avoid using dates, especially if the date has some personal significance (eg. birthdays, anniversaries, etc.) as this will be easier information for an attacker to find.
- Q!koP9$f – While this provides protection from dictionary attacks, it will only take about 9 hours for a brute force attack to crack this kind of password.
Good Passwords
- Don’tStopBelieving – Using song lyrics in a passphrase can be a very easy way of remembering a secure password. This will be very difficult for a computer to brute force attack successfully. But be wary of lyrics from music that you may have listed as your favourite on social media.
- BatmanIsTheGreatestHeroOfAllTime – Using a memorable phrase can be an effective way of creating a password. Again, don't pick one that people may be able to guess.
- DogComputerScreenSpeakerTV – A list of words is another very strong method. This example would take 327 septillion years to crack by brute force.
- D0gComput3r$creenSpe&kerTV – This may be slightly more difficult to remember, but replacing some letters with symbols and numbers significantly boosts the security of the password.
The Best Ways to Create Secure Passwords
There's some debate over how best to go about creating a secure password. The key is creating something that's easy to enter, and hard to guess.
That's more difficult than it sounds. After all, the easiest passwords to remember are also the ones that a hacker could crack more easily. Your surname? Date of birth? The word ‘passwd'? No, no and no.
However, going to the other extreme is little help, either. If you were to create long strings of unrelated letters, symbols and numbers – unique for every account you log into – this would be a nightmare for you to remember.
Generally speaking, there are three alternative solutions for creating strong passwords:
- Use a Password Manager – far and away the best solution, these simple programs create strong passwords for you, then automatically enter them into your online accounts when you log in. You never have to remember the passwords yourself.
- Create Long Passphrases – these are strings of words put together. For example, a favourite song lyric. They can be easy to remember, but the challenge is coming up with a new one for every account.
- Combine Letters, Symbols and Numbers – this can help you create truly unguessable passwords. The downside? They can be a lot more challenging for you to remember.
Let's look at each of these in a bit more detail:
1) Password Managers
These work by generating and storing long strings of letters, numbers, and symbols for each account that you log into. Password managers can automatically paste the correct password into the entry box when needed. This way, they remove the need for you to memorize lots of different passwords.
Instead, you only need to remember one master password that will unlock the manager itself.
When using a password manager for important services, such as personal banking, you should always check that the service provider supports the use of password managers.
See our breakdown of the Best Password Managers available to help decide which one would be best for you.
Scroll horizontally to view full table on mobile devices
| 1Password | Dashlane | LastPass | Sticky Password | |
|---|---|---|---|---|
 |  |  |  | |
| Overall Score | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★★☆ |
| Local Storage Option | ✓ | ✓ | x | ✓ |
| Two-Factor Authentication | ✓ | ✓ | ✓ | ✓ |
| Failsafe Function | ✓ | ✓ | ✓ | x |
| Password Generator Function | ✓ | ✓ | ✓ | ✓ |
| Help Instructions | ✓ | ✓ | ✓ | ✓ |
| Email Support | ✓ | ✓ | ✓ | ✓ |
| Live Chat Support | x | ✓ | x | x |
| Phone Support | x | x | x | x |
| Ease of Setup | ★★★★★ | ★★★★★ | ★★★★★ | ★★★★★ |
| Features | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★★☆ |
| Overall Performance | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★★★ |
| Help & Support | ★★★☆☆ | ★★★★☆ | ★★★☆☆ | ★★★☆☆ |
| Value for Money | ★★★★★ | ★★★★☆ | ★★★★☆ | ★★★★☆ |
| Cost per year | $36 | $60 | $24 | $30 |
| Discounts Available | See Deals | See Deals | See Deals | See Deals |
Password Manager Pros:
- The generated passwords are very secure, due to complexity and length. This generation is immediate and the new passwords can be automatically pasted into the relevant area.
- Password managers remove the need for you to remember all your different passwords.
- The login information stored in most password managers will be encrypted. In the event of a data breach, it would be very difficult for the thief to gain access to specific login details of any user.
Password Manager Cons
- Consolidating passwords behind one master password creates a single point of failure. If your master password for the manager is breached, all of the passwords contained within are vulnerable.
- While there are free password managers, these rarely let you run the password manager on multiple devices (say, your phone and your laptop)
Tempted to try a password manager? It could be one of the smartest moves you could make towards proper online security.
One of our favourites is 1Password, a fantastic all-round password manager that's easy to use, and can create strong online passwords for you.
Check out our full 1Password review for more detail, or see the deal below:
- Free 6 month trial for 1Password Teams for business
- Local storage makes saving changed passwords more reliable
- Large number of secure note templates for storing sensitive information
- Very well-designed app
- No automated password changing feature
- Desktop app seems superfluous
- No camera integration on mobile
- Established: 2006
- Dedicated app
- PC/Mac compatible
- Individual and family plans
- Breach alert feature
- Generates passwords
2) Creating Long Passphrases
Passphrases are long strings formed from several words packed together.
These passwords can be easy to create and also to remember, especially if the chosen words have some meaning to you.
That said, choosing words with obvious personal meaning, such as family names, may expose risks from targeted hacking.
As attacks are now more focused on trying as many different character combinations as possible, a good method of defense is making the number of possible combinations as large as possible.
Every character added into a password increases the number of possible combinations exponentially, making the use of passphrases an easy way of increasing your protection.
Passphrase Pros:
- Provides a good level of security, due to the length drastically increasing the number of possible character combinations.
- Easy to remember, especially if the word string has some slightly personal meaning to you.
- Easier to type out each time, as special characters add very little to the security of the passphrase.
Passphrase Cons
- If you create a different passphrase for every site you log into, it can be a huge challenge to remember them all.
- Passphrases can potentially be vulnerable to dictionary attacks if all of the words they're formed from are regular words found in a dictionary.
3) Letters/Symbols/Numbers
While using a combination of letters symbols and numbers can add security, especially against a dictionary attack, this is offset by the added difficulty in remembering the password.
As a result, it may be tempting to create a shorter password when using this method. This would be risky, due to increased risk from brute-forcing, a popular method used to crack passwords.
Instead, it's better to rely on combinations of Letters, Symbols and Numbers when creating a password. This method can improve the security of a passphrase, adding symbols or numbers into the word string will provide additional protection against dictionary attacks.
Letters/Symbols/Numbers Pros:
- Passwords using a seemingly random combination of letters, symbols, and numbers are very difficult to guess without highly specialised cracking tools.
- Incorporating this method with a passphrase, as described above, can provide increased security.
Letters/Symbols/Numbers Cons
- Using a combination of letters, symbols, and numbers will result in a password that’s more difficult for you to remember. This is made worse if you need to remember different passwords for different accounts (as is recommended).
- Mistakes are much more likely to be made when typing in a password that uses these combinations, and it's a pain to do on a phone keyboard.
- This method of password creation is no longer as strongly recommended by experts, as increasing the complexity of a password is not as effective as increasing the length.
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews.