Updated on: March 29, 2024
Short on time? Here’s how to create strong passwords in 2024:
- Install a password manager. Choose a good password manager — I recommend 1Password because it’s secure, easy to use, and affordable. Install the password manager (this only takes a few minutes), and then proceed to step 2.
- Open the password generator. From your password manager’s main screen, navigate to the password generator tool.
- Generate and store the password. Generate a password with at least 16 characters and store it in your password manager’s secure vault.
It’s easy to create a strong password in 2024, especially if you use a secure password manager. A good password should have at least 16 random characters, or you can use a passphrase with at least 4 words and 15–20 characters — but the most important thing is that it should be unique. If you’re using the same password for all of your accounts, all it takes is one successful hack, and all of your accounts can be broken into simultaneously.
It’s great to generate secure passwords for every site you use, but even if you do, you could still have your password leaked in a data breach. For example, LinkedIn was breached in early 2021, giving hackers access to over 700 million users’ login information.
That’s why it’s important to use a password manager. Password managers use security tools like random password generators and secure 2FA options to keep your logins secure, even in the face of a data breach.
This article explains the basics of password security, how to create strong passwords, and how to discover if your passwords have been compromised. I also recommend the best password managers of 2024 (hint: 1Password is #1).
TRY THE BEST PASSWORD MANAGER IN 2024 (1PASSWORD)
Why It’s Important to Create Strong and Unique Passwords
Password cracking tools can hack basic passwords like “qwerty” and “12345” in a few minutes, and there are huge databases of passwords that have been leaked in data breaches. Hackers use these to try to access random accounts.
Phishing attacks are also a major threat — millions of users give away their login information to scam websites every year, with phishing attacks growing hugely over text message and social media in the last few years.
Strong passwords can withstand most password crackers, and using a unique password for each account ensures that not all of your accounts will be compromised if one password gets stolen.
How Do Cyber Criminals Hack Passwords?
There are various password hacking techniques cyber criminals use, such as:
- Phishing attacks — Scam websites, texts, or emails that imitate legitimate entities to steal login data and financial information.
- Data breach — Hackers break into a company’s servers and publish private information (including user login details) to the public.
- Brute force attack — Automated programs that can generate every possible password combination until a match is found, perfect for cracking passwords that are 8 characters or fewer.
- Dictionary attack — Programs run through a prearranged list of common passwords to find a hit for the targeted user. This attack often succeeds against weak and predictable passwords.
- Keylogging & trojans — A keylogger can keep a log of your keystrokes, including usernames and passwords. Trojans take screenshots of your screen or share data from your devices with hackers remotely.
Your passwords could also be leaked accidentally by legitimate websites if they have security weaknesses.
Characteristics of Strong & Secure Passwords vs. Weak Passwords
A secure password has at least 16 characters, is unusual, and hasn’t been used before. The most important characteristic of a strong password is its length. The longer your password is, the longer it takes for a hacking software to find a match.
You can also add complexity to increase the range of passwords possible in a given length. A complex password is one that consists of different kinds of characters like uppercase, lowercase, numbers, and special characters (these are symbols like !, @, #, ?, etc.).
Weak passwords are short and use basic symbols like numbers and letters, generic language, or personally identifiable information. You can avoid doing this by following my tips on how to create a strong password below.
Best Ways to Create Strong Passwords for All of Your Accounts
The easiest way to create strong passwords for your accounts is to use a password manager. You can set the password generator to make random passwords between 16–20 characters, and let the password manager store your logins in an encrypted vault.
Quick Summary of the best password managers for creating & storing strong passwords in 2024
However, there are other techniques you can use yourself, such as:
The Passphrase Method
With this method, you create a password that’s long, unusual, but memorable for you. Think of words and numbers with no logical connection and put them together. For instance, I came up with “Astronauts 94 Book Glass Turnips”. This can become the passphrase “astronauts_94_bookglass_$_turnips”, which is long (33 characters) and unusual, yet easy to remember.
The Mnemonic Sentence Method
This method helps you create memorable passwords that seem random and are hard to crack. For example, your sentence may refer to a personal fact that’s important to you, like “I learned to play my first song at 14 years”. Take the initials of each word and create a string of letters that appears random, so the above sentence becomes “iltplm1stSNG@14”. This password is long and easy for you to remember, but hard for cybercriminals to figure out.
Dos and Don’ts of Creating a Strong Password
No matter which method you’re using, keep these password security tips in mind:
- Don’t use short passwords — Password length is the most crucial factor when it comes to password security. Some hackers can break 8-character passwords in a few hours, but cracking a 15-character passphrase is still next to impossible for most hackers. It’s crucial that your passwords are at least 12 characters long (16 or more is even better).
- Don’t use common phrases — Avoid common phrases like “The sky is blue” or “I love my cat”. Try being more creative and using methods like mnemonic sentences to create hard-to-guess passwords.
- Don’t use personal information — Avoid using your phone number, social security number, birthday, and other similar personal information that others can easily find out.
- Don’t use obvious substitutions — A password like “Tw!st3R” is weak because it is too short and uses obvious substitutions like “!” for I and “3” for “e”.
- Don’t reuse passwords — It’s dangerous to use the same passwords for different accounts because you risk losing all accounts if just one is hacked.
- Change weak passwords — Password generators like 1Password and Dashlane can check the strength of your passwords and allow you to easily change weak ones.
It can be difficult to follow these tips manually when you’ve got many accounts. I recommend using a password manager like 1Password, which can automatically generate strong passwords and store them safely.
You can also use our very own SafetyDetectives password generator tool, which produces up to 50 unique passwords at a time and supports a length of up to 50 characters.
Use 2-Factor Authentication (2FA) for Extra Security
2FA requires you to enter a second form of verification along with your password before logging in. That way, hackers need your password and your 2FA credentials to access your account. I encourage you to use 2FA for all your compatible accounts (many password managers, like 1Password, flag 2FA-compatible accounts in your password vault). Also, you should secure your password manager itself with 2FA.
The most common 2FA options are:
Time-Based One-Time Password (TOTP)
TOTPs are short passcodes that expire after a short period (usually 30 seconds) — the codes are generated by an authenticator app that is synced to generate one-time codes for specific websites. For example, 1Password’s built-in authenticator generates the TOTP code for my PayPal login, so each time I log into PayPal, I enter my password and the one-time passcode from my authenticator.
Biometric Authentication
Biometric scanners identify users based on physical characteristics, like a face scan, fingerprint, or even a voice print. Biometric scanning is one of the most powerful 2FA methods (and it’s super convenient). Popular password managers like Dashlane, 1Password, and Keeper are compatible with biometric scanners on Windows, macOS, Android, and iOS devices.
Hardware Security Keys
USB keys like YubiKey are one-of-a-kind USB keys with built-in security protocols — simply plugging your USB key into your device provides verification. USB keys are excellent because they can’t be accessed remotely (TOTP authenticators can), meaning a hacker needs your physical USB key to access your 2FA-secured accounts.
Email and SMS Authentication
Email and SMS authentication requires entering a code sent to your email address or text message inbox, or clicking a link in your inbox to verify your identity. This is one of the least reliable 2FA options since it only keeps you safe if your email account hasn’t been hacked. LastPass provides this option, but many password managers don’t.
Hackers can also perform a “SIM swapping attack” where they gain user access to your mobile phone number, request an SMS authentication code for your account, and then hack into your account. This is why it’s usually advised to avoid SMS authentication if possible.
Best Password Managers for Creating Strong Passwords
🥇1. 1Password — Best Overall Password Manager for Creating & Storing Passwords
1Password is my favorite password manager for Windows, macOS, Android, and iOS devices in 2024. It provides secure 256-bit AES encryption and a ton of great additional features for comprehensive password management. What’s more, 1Password’s zero-knowledge encryption protocols ensure that nobody except you can access your logins — not even 1Password’s staff.
1Password’s password generator is also excellent — its Smart Password option automatically meets any site’s password requirements, plus 1Password has options for generating random passwords (up to 100 characters), passphrases (up to 15 words), and even PIN codes (up to 12 digits).
Plus, 1Password provides useful additional features like:
- Secure 2FA. Secure your master password with biometric scanning, TOTP authentication, or USB tokens.
- Passkey support. Enjoy the extra security and seamless experience afforded by passwordless authentication.
- Watchtower. Flags weak passwords in your vault, tells you if any of your saved accounts are 2FA-compatible, and provides live data breach monitoring.
- Travel Mode. Hides selected logins from your password vault so border officials can’t access sensitive accounts.
- Privacy cards (US only). Provides encrypted proxy cards for online payments to keep your financial information out of business servers.
- Password sharing. Share encrypted logins with anyone using a temporary 1Password link, or sync vaults with family members (also includes permission controls so kids can’t change your passwords).
- 1GB encrypted storage.
1Password’s individual plan includes all of 1Password’s features for just $2.99 / month. The Families plan is my favorite family password manager plan in 2024, covering 5 users and providing a helpful family sharing dashboard for just $4.99 / month. I also like how 1Password Families allows you to add additional accounts for a small fee. You can try 1Password with a 14-day free trial.
Read the full 1Password review here
🥈2. Dashlane — Best Additional Features (Including Secure VPN)
Dashlane comes with excellent security and a huge range of extra features. It’s compatible with all major browsers, as well as Windows, Android, macOS, and iOS devices.
To secure stored passwords, Dashlane uses 256-bit AES encryption and undergoes frequent third-party auditing of its zero-knowledge security architecture. This means your information is only stored on your device, and it’s fully encrypted on all of Dashlane’s servers.
Dashlane’s password generator is super easy to use. It can generate passwords between 4 and 40 characters, but it doesn’t have a smart password generator or passphrase generator like 1Password does.
I also like that Dashlane supports 2FA login with TOTP generators, as well as biometric login for Windows, Mac, Android, and iOS. Plus, Dashlane offers some of the best additional features on the market, including:
- Live dark web monitoring.
- Virtual private network (VPN).
- Password security auditing.
- Passkey support.
- Secure password sharing.
I’m a huge fan of Dashlane’s dark web monitoring — it’s the only password manager to use live agents, who constantly monitor the dark web to check whether any of your data has been exposed and alert you instantly to any breaches.
Dashlane offers all of its features and unlimited password storage with its Premium plan, which costs $4.99 / month. Its Friends & Family plan extends this coverage to 10 users for $7.49 / month. There’s a 30-day money-back guarantee on all plans, so you can try them before you commit.
Read the full Dashlane review here
🥉3. RoboForm — Best Form Filler + Low-Cost Plans
RoboForm provides top-notch security features and impressive auto-filling capabilities. Its password generator tool is easy to use, provides decent customization, and has an enormous 512-character password limit!
RoboForm includes an authenticator app, supports biometric logins, and syncs really well with major authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator. However, it isn’t compatible with USB 2FA keys like YubiKey (which 1Password is).
I really like RoboForm’s auto-filling capabilities — it has 8 templates, and in my testing it accurately filled out a variety of forms, from vehicle registration to my business address.
RoboForm provides these extras:
- Password security auditing.
- Secure password sharing.
- Support for passkeys.
- Bookmark storage.
- Emergency access.
RoboForm lacks some helpful extras like encrypted storage (which 1Password and Dashlane have), but it offers a great value. I particularly like the secure sharing — like 1Password, RoboForm lets you create shared folders. You can only create 2 folders, but you can save 50 logins in each, so overall that’s pretty good.
There are 3 plans available: RoboForm Free, RoboForm Premium, and Roboform Family. The RoboForm Premium plan supports 1 user, while RoboForm Family covers up to 5 users. You can get RoboForm Premium for just $0.99 / month, and the family plan for $19.05 / year.
Read the full RoboForm review here
Comparison of the Best Password Managers for Creating Strong Passwords
Frequently Asked Questions
How do I create strong passwords and remember them?
The best and easiest way to create a strong password is to use a password manager. They include password generators that can create super complex and unique logins for all of your accounts — and they store those logins in a secure encrypted vault, auto-filling logins with a single click. 1Password is our #1 password manager for 2024.
How long is a strong password?
For secure passwords, aim for a minimum of 12 characters. Passwords of 8 characters are outdated and unsafe; some hacking tools can breach them in less than 6 hours. Also, using the same long password for multiple accounts is counterproductive; each password should be unique.
But generating lengthy passwords for every one of your accounts can become daunting. To simplify this task, you could use a superior password manager such as 1Password. This tool allows you to generate impenetrable passwords, save them safely in an encrypted vault, and auto-fill login details when you sign into your accounts.
What is an example of a strong password?
A strong password looks something like this “nSwQTr*A!e9hTP!9”. If you look closely, this password has all the characteristics of a strong password — it is 16 characters long and includes a mixture of lowercase and uppercase letters, symbols, and numbers.
The above password was generated by the SafetyDetectives password generator tool. You can use it to generate any number of long, complex, and strong passwords for free. However, passphrases like “correct-horse-battery-staple” can be just as secure as randomly generated passwords (1Password even includes a passphrase generator — it can make passphrases that are up to 15 words long).
What are the 5 most common passwords?
The 5 most common passwords are:
- 123456
- 123456789
- qwerty
- password
- 12345
You should strictly avoid using these passwords or any other password similar to these. These passwords are always the first ones to be tried by cybercriminals during a hacking attack. Moreover, all of these passwords are extremely weak because they are too short, use plain dictionary words or simple number sequences, and completely lack complexity.
You can easily generate strong passwords using one of the techniques I shared above. Even better, you can use a password manager like 1Password to instantly generate secure passwords.
