Short on time? Here’s how to create strong passwords in 2023:
1. Install a password manager. Choose a good password manager — I recommend 1Password because it’s secure, easy to use, and affordable. Install the password manager (this only takes a few minutes), and then proceed to step 2.
2. Open the password generator. From your password manager’s main screen, navigate to the password generator tool.
3. Generate and store the password. Generate a password with at least 16 characters and store it in your password manager’s secure vault.
It’s easy to create a strong password in 2023, especially if you use a secure password manager. A good password should have at least 16 random characters, or you can use a passphrase with at least 4 words and 15–20 characters — but the most important thing is that it should be unique. If you’re using the same password for all of your accounts, all it takes is one successful hack, and all of your accounts can be broken into simultaneously.
It’s great to generate secure passwords for every site you use, but even if you do, you could still have your password leaked in a data breach. For example, LinkedIn was breached in early 2021, giving hackers access to over 700 million users’ login information.
That’s why it’s important to use a password manager. Password managers use security tools like random password generators and secure 2FA options to keep your logins secure, even in the face of a data breach.
This article explains the basics of password security, how to create strong passwords, and how to discover if your passwords have been compromised. I also recommend the best password managers of 2023 (hint: 1Password is #1).
Why It’s Important to Create Strong and Unique Passwords
Password cracking tools can hack basic passwords like “qwerty” and “12345” in a few minutes, and there are huge databases of passwords that have been leaked in data breaches. Hackers use these to try to access random accounts.
Phishing attacks are also a major threat — millions of users give away their login information to scam websites every year, with phishing attacks growing hugely over text message and social media in the last few years.
Strong passwords can withstand most password crackers, and using a unique password for each account ensures that not all of your accounts will be compromised if one password gets stolen.
How Do Cyber Criminals Hack Passwords?
There are various password hacking techniques cyber criminals use, such as:
- Phishing attacks — Scam websites, texts, or emails that imitate legitimate entities to steal login data and financial information.
- Data breach — Hackers break into a company’s servers and publish private information (including user login details) to the public.
- Brute force attack — Automated programs generate every possible password combination until a match is found. This works especially well against passwords that are 8 characters or fewer.
- Dictionary attack — Programs run through a prearranged list of common passwords to find a hit for the targeted user. This attack often succeeds against weak and predictable passwords.
- Keylogging & trojans — A keylogger can keep a log of your keystrokes, including usernames and passwords. Trojans take screenshots of your screen or share data from your devices with hackers remotely.
Your passwords could also be leaked accidentally by legitimate websites if they have security weaknesses.
Characteristics of Strong & Secure Passwords vs. Weak Passwords
A secure password has at least 16 characters, is unusual, and hasn’t been used before. The most important characteristic of a strong password is its length. The longer your password is, the longer it takes password-cracking software to find a match.
You can also add complexity to increase the range of passwords possible in a given length. A complex password is one that consists of different kinds of characters like uppercase, lowercase, numbers, and special characters (these are symbols like !, @, #, ?, etc.).
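To put numbers on the length-versus-complexity point, here is an added example (not from the original article or from any password manager) that measures the search space of randomly generated passwords and passphrases and generates both with Python's `secrets` module. The symbol set, the 16-word sample list, the 7776-word list size and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes named in the article: lowercase, uppercase, numbers, symbols.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#?$%^&*"  # constructed sample symbol set (9 characters)
ALL_CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)

# Constructed 16-word sample list. A real generator draws from thousands of
# words; 7776 (the size of a five-dice Diceware-style list) is used below.
SAMPLE_WORDS = ["astronaut", "book", "glass", "turnip", "harbor", "violin",
                "pepper", "canyon", "lantern", "orbit", "walnut", "meadow",
                "copper", "thistle", "raven", "quartz"]


def search_space_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def passphrase_bits(words, wordlist_size):
    """Entropy in bits of `words` words drawn uniformly from a list."""
    return words * math.log2(wordlist_size)


def generate_password(length=16, classes=ALL_CLASSES):
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(classes):
        raise ValueError("length is too short to include every class")
    alphabet = "".join(classes)
    while True:  # redraw until each class appears at least once
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def generate_passphrase(words=4, wordlist=SAMPLE_WORDS, sep="-"):
    """Passphrase of independently chosen random words."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case years to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate, for comparison only
    full = len("".join(ALL_CLASSES))
    for label, bits in [
        ("8 chars, lowercase only", search_space_bits(8, len(LOWER))),
        ("8 chars, all four classes", search_space_bits(8, full)),
        ("16 chars, lowercase only", search_space_bits(16, len(LOWER))),
        ("16 chars, all four classes", search_space_bits(16, full)),
        ("4 words from a 7776-word list", passphrase_bits(4, 7776)),
    ]:
        print(f"{label:32} {bits:6.1f} bits  {years_to_exhaust(bits, rate):.3g} years")
    print(generate_password(16), generate_passphrase(4))
```

These figures only hold when every character or word is chosen at random; a password or phrase a person makes up has a much smaller effective search space than the formula suggests.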
Weak passwords are short and use basic symbols like numbers and letters, generic language, or personally identifiable information. You can avoid doing this by following my tips on how to create a strong password below.
Best Ways to Create Strong Passwords for All of Your Accounts
The easiest way to create strong passwords for your accounts is to use a password manager. You can set the password generator to make random passwords between 16–20 characters, and let the password manager store your logins in an encrypted vault.
However, there are other techniques you can use yourself, such as:
The Passphrase Method
With this method, you create a password that’s long, unusual, but memorable for you. Think of words and numbers with no logical connection and put them together. For instance, I came up with “Astronauts 94 Book Glass Turnips”. This can become the passphrase “astronauts_94_bookglass_$_turnips”, which is long (33 characters) and unusual, yet easy to remember.
The Mnemonic Sentence Method
This method helps you create memorable passwords that seem random and are hard to crack. For example, your sentence may refer to a personal fact that’s important to you, like “I learned to play my first song at 14 years”. Take the initials of each word and create a string of letters that appears random, so the above sentence becomes “iltplm1stSNG@14”. This password is long and easy for you to remember, but hard for cybercriminals to figure out.
Dos and Don’ts of Creating a Strong Password
No matter which method you’re using, keep these password security tips in mind:
- Don’t use short passwords — Password length is the most crucial factor when it comes to password security. Some hackers can break 8-character passwords in a few hours, but cracking a 15-character passphrase is still next to impossible for most hackers. It’s crucial that your passwords are at least 12 characters long (16 or more is even better).
- Don’t use common phrases — Avoid common phrases like “The sky is blue” or “I love my cat”. Try being more creative and using methods like mnemonic sentences to create hard-to-guess passwords.
- Don’t use personal information — Avoid using your phone number, social security number, birthday, and other similar personal information that others can easily find out.
- Don’t use obvious substitutions — A password like “Tw!st3R” is weak because it is too short and uses obvious substitutions like “!” for “i” and “3” for “e”.
- Don’t reuse passwords — It’s dangerous to use the same passwords for different accounts because you risk losing all accounts if just one is hacked.
- Change weak passwords — Password managers like 1Password and Dashlane can check the strength of your passwords and allow you to easily change weak ones.
It can be difficult to follow these tips manually when you’ve got many accounts. I recommend using a password manager like 1Password, which can automatically generate strong passwords and store them safely.
You can also use our very own SafetyDetectives password generator tool, which produces up to 50 unique passwords at a time and supports a length of up to 50 characters.
Use 2-Factor Authentication (2FA) for Extra Security
2FA requires you to enter a second form of verification along with your password before logging in. That way, hackers need your password and your 2FA credentials to access your account. I encourage you to use 2FA for all your compatible accounts (many password managers, like 1Password, flag 2FA-compatible accounts in your password vault). Also, you should secure your password manager itself with 2FA.
The most common 2FA options are:
Time-Based One-Time Password (TOTP)
TOTPs are short passcodes that expire after a short period (usually 30 seconds) — the codes are generated by an authenticator app that is synced to generate one-time codes for specific websites. For example, 1Password’s built-in authenticator generates the TOTP code for my PayPal login, so each time I log into PayPal, I enter my password and the one-time passcode from my authenticator.
Biometric Scanning
Biometric scanners identify users based on physical characteristics, like a face scan, fingerprint, or even a voice print. Biometric scanning is one of the most powerful 2FA methods (and it’s super convenient). Popular password managers like Dashlane, 1Password, and Keeper are compatible with biometric scanners on Windows, macOS, Android, and iOS devices.
Hardware Security Keys
Hardware keys like YubiKey are one-of-a-kind USB devices with built-in security protocols — simply plugging your USB key into your device provides verification. USB keys are excellent because they can’t be accessed remotely (TOTP authenticators can), meaning a hacker needs your physical USB key to access your 2FA-secured accounts.
Email and SMS Authentication
Email and SMS authentication requires entering a code sent to your email address or text message inbox, or clicking a link in your inbox to verify your identity. This is one of the least reliable 2FA options since it only keeps you safe if your email account hasn’t been hacked. LastPass provides this option, but many password managers don’t.
Hackers can also perform a “SIM swapping attack”, where they gain control of your mobile phone number, request an SMS authentication code for your account, and then hack into your account. This is why it’s usually advised to avoid SMS authentication if possible.
Best Password Managers for Creating Strong Passwords
Quick Summary of the best password managers for creating & storing strong passwords in 2023
- 1. 🥇 1Password — Best overall password manager in 2023.
- 2. 🥈 Dashlane — Best additional features (VPN & live dark web monitoring).
- 3. 🥉 RoboForm — Excellent auto-fill capabilities and low-cost plans.
- 4. NordPass — Easy to use with advanced encryption.
- 5. Keeper — Good security, plus extras like encrypted chat and cloud storage.
- Bonus. LastPass — User-friendly design with good security features.
🥇1. 1Password — Best Overall Password Manager for Creating & Storing Passwords
1Password is my favorite password manager for Windows, macOS, Android, and iOS devices in 2023. It provides secure 256-bit AES encryption and a ton of great additional features for comprehensive password management. What’s more, 1Password’s zero-knowledge encryption protocols ensure that nobody except you can access your logins — not even 1Password’s staff.
1Password’s password generator is also excellent — its Smart Password option automatically meets any site’s password requirements, plus 1Password has options for generating random passwords (up to 100 characters), passphrases (up to 15 words), and even PIN codes (up to 12 digits).
Plus, 1Password provides useful additional features like:
- Secure 2FA. Secure your master password with biometric scanning, TOTP authentication, or USB tokens.
- Watchtower. Flags weak passwords in your vault, tells you if any of your saved accounts are 2FA-compatible, and provides live data breach monitoring.
- Travel Mode. Hides selected logins from your password vault so border officials can’t access sensitive accounts.
- Privacy cards (US only). Provides encrypted proxy cards for online payments to keep your financial information out of business servers.
- Password sharing. Share encrypted logins with anyone using a temporary 1Password link, or sync vaults with family members (also includes permission controls so kids can’t change your passwords).
- 1GB encrypted storage.
1Password’s individual plan includes all of 1Password’s features for just $2.99 / month. The Families plan is my favorite family password manager plan in 2023, covering 5 users and providing a helpful family sharing dashboard for just $4.99 / month. I also like how 1Password Families allows you to add additional accounts for a small fee. You can try 1Password with a 14-day free trial.
🥈2. Dashlane — Best Additional Features (Including Secure VPN)
Dashlane comes with excellent security and a huge range of extra features. It’s compatible with all major browsers, as well as Windows, Android, macOS, and iOS devices.
To secure stored passwords, Dashlane uses 256-bit AES encryption and undergoes frequent third-party auditing of its zero-knowledge security architecture. This means your information is only stored on your device, and it’s fully encrypted on all of Dashlane’s servers.
Dashlane’s password generator is super easy to use. It can generate passwords between 4 and 40 characters, but it doesn’t have a smart password generator or passphrase generator like 1Password does.
I also like that Dashlane supports 2FA login with TOTP generators, as well as biometric login for Windows, Mac, Android, and iOS. Plus, Dashlane offers some of the best additional features on the market, including:
- Live dark web monitoring.
- Virtual private network (VPN).
- Password security auditing.
- Secure password sharing.
I’m a huge fan of Dashlane’s dark web monitoring — it’s the only password manager to use live agents, who constantly monitor the dark web to check whether any of your data has been exposed and alert you instantly to any breaches.
I’m also impressed that Dashlane has introduced support for passkeys. Passkeys offer a new way to log into your accounts — Dashlane creates a pair of keys when you sign up for an account that offers passkey authentication. Passkeys are more secure than traditional passwords and even easier to use. That said, while many websites are expected to add passkey authentication soon, at the moment very few offer it, so for now it’s still important to create secure unique passwords for your accounts.
Dashlane offers all of its features and unlimited password storage with its Premium plan, which costs $4.99 / month. Its Friends & Family plan extends this coverage to 10 users for $7.49 / month. There’s a 30-day money-back guarantee on all plans, so you can try them before you commit.
🥉3. RoboForm — Best Form Filler + Low-Cost Plans
RoboForm provides top-notch security features and impressive auto-filling capabilities. Its password generator tool is easy to use, provides decent customization, and has an enormous 512-character password limit!
RoboForm includes an authenticator app, supports biometric logins, and syncs really well with major authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator. However, it isn’t compatible with USB 2FA keys like YubiKey (which 1Password is).
I really like RoboForm’s auto-filling capabilities — it has 8 templates, and in my testing it accurately filled out a variety of forms, from vehicle registration to my business address.
RoboForm provides these extras:
- Password security auditing.
- Secure password sharing.
- Bookmark storage.
- Emergency access.
RoboForm lacks some helpful extras like encrypted storage (which 1Password and Dashlane have), but it offers a great value. I particularly like the secure sharing — like 1Password, RoboForm lets you create shared folders. You can only create 2 folders, but you can save 50 logins in each, so overall that’s pretty good.
There are 3 plans available: RoboForm Free, RoboForm Everywhere, and RoboForm Everywhere Family. The RoboForm Everywhere plan supports 1 user, while RoboForm Everywhere Family covers up to 5 users. You can get RoboForm Everywhere for just $0.99 / month, and the family plan for $27.70 / year.
4. NordPass — Easy to Use With Advanced Encryption
NordPass is a reliable and user-friendly password manager. While it’s not as feature-rich as 1Password or Dashlane, it’s super simple and beginner-friendly, and it offers a robust set of security features to keep your logins safe.
NordPass uses the advanced XChaCha20 encryption algorithm — this is a newer form of encryption than 256-bit AES, which is what the other password managers on this list use. While both methods are super secure and have never been broken, XChaCha20 is considered to be more “future-proof”, so it’s great that NordPass offers it.
NordPass’s other features include:
- Password generator.
- Multi-factor authentication.
- Passkeys support.
- Secure password sharing.
- Password Health checker.
- Emergency access.
I like NordPass’s password generator, which can create passwords up to 60 characters in length and passphrases of 3-10 words. It also lets you view your generated-password history (up to 10 passwords for an account), which is a super handy addition if you want to check which passwords you’ve used before or how long it is since you changed a password.
The Password Health Checker is also good, though it’s a shame it doesn’t give you an overall security score like Dashlane and 1Password do. Still, it does a good job alerting you to weak, reused, or old passwords in your vault, so it’s pretty handy for ensuring your passwords are strong and secure.
NordPass’s free plan is decent, though it doesn’t allow you to share passwords (Dashlane’s free plan does), and it limits you to use on 1 device at a time. The Premium plan covers you on up to 6 devices for $1.99 / month and adds password sharing, breach monitoring, emergency access, and 3 GB of secure file storage. The Family plan extends all this to 6 users for $3.69 / month.
5. Keeper — Wide Range of 2FA Options + Extras Like Encrypted Chat
Keeper is a highly secure password manager with excellent 2FA options, great usability, and some useful extras.
Keeper’s password generator can create passwords up to 100 characters long including letters, numbers, and symbols. With its browser extension, you can easily generate new passwords with a single click in Chrome, Firefox, Edge, Safari, and more.
Keeper also provides heaps of 2FA options, including biometric scanning, smartwatch compatibility for iOS and Android, USB key functionality, and a built-in TOTP authenticator.
In addition, Keeper offers:
- Dark web monitoring.
- Password security auditing.
- Encrypted messaging.
- Cloud storage (10-100 GB).
- Secure password sharing.
I really like KeeperChat, Keeper’s encrypted messaging app. It provides features like timed self-destruction, message retraction, and a secure photo and video gallery. I also like Keeper’s dark web monitoring, but it’s a shame you have to pay extra for it (Dashlane includes dark web monitoring in its premium plans).
Keeper’s Unlimited plan includes unlimited password storage and devices for $17.49 / year. You can also get cloud storage and the dark web monitoring as paid add-ons. There’s a family version too, which supports 5 accounts and costs $37.49 / year.
Bonus. LastPass — Best for Ease-of-Use
LastPass provides a ton of good features in a very intuitive interface. It uses 256-bit AES encryption to protect user data, provides a zero knowledge policy, and includes 2FA compatibility with TOTP apps, biometric scanners, and USB tokens.
LastPass also includes helpful in-app tutorials to guide new users throughout its interface. While many of the apps on my list (especially 1Password) provide excellent online knowledge bases, LastPass’s in-app text boxes conveniently explain things like importing passwords, editing your vault, auditing your passwords, sharing passwords, and much more.
LastPass offers 3 plans for Windows, macOS, Android, and iOS users — LastPass Free, LastPass Premium, and LastPass Families. LastPass Free offers unlimited password storage (but only on mobile or desktop, not both) and most of LastPass’s premium features. But LastPass Premium offers unlimited password storage on all devices for only $3.00 / month, and LastPass Families covers up to 6 users for only $4.00 / month.
Comparison of the Best Password Managers for Creating Strong Passwords
| Password manager | Starting Price | Free Plan | Password generator length | 2FA Options | Unique Extras |
|---|---|---|---|---|---|
| 1. 🥇 1Password | $2.99 / month | No (2-week free trial) | Up to 100 characters, 15 words, or 12 numbers | TOTP generator, biometric logins, USB keys | Share passwords with non-users, family vault sharing, data breach monitoring, local data storage, encrypted payment cards (US only) |
| 2. 🥈 Dashlane | $2.00 / month | 1 device, unlimited passwords | Up to 40 characters | TOTP generator, biometric logins | VPN, live dark web monitoring |
| 3. 🥉 RoboForm | $3.75 / month | 1 device, unlimited passwords | Up to 512 characters | TOTP generator, biometric logins | Excellent auto-filling capabilities, bookmark storage |
| 4. NordPass | $1.99 / month | ✅ Unlimited passwords, 1 device at a time | Up to 60 characters or 10 words | Backup codes, USB keys, biometric logins | XChaCha20 encryption, 3 GB file storage |
| 5. Keeper | $3.75 / month | 1 device, unlimited passwords | Up to 100 characters | TOTP generator, biometric logins, USB keys | Encrypted messaging, up to 100 GB secure storage |
| Bonus. LastPass | $3.00 / month | Yes, unlimited passwords (either desktop or mobile only) | Up to 100 characters | TOTP generator, biometric logins, USB keys | Advanced 2FA settings, multiple account recovery options |
Frequently Asked Questions
How do I create strong passwords and remember them?
The best and easiest way to create a strong password is to use a password manager. They include password generators that can create super complex and unique logins for all of your accounts — and they store those logins in a secure encrypted vault, auto-filling logins with a single click. 1Password is our #1 password manager for 2023.
How long is a strong password?
A strong password is at least 16 characters long. While many websites still restrict minimum password length to 8 characters, it’s no longer a safe length. Some hackers have already built tools that can crack an 8-character password in less than 6 hours. Of course, it’s not helpful to have a long password if you’re using it for all of your accounts — you need to use unique passwords for each login.
However, creating long passwords for all of your accounts can get overwhelming. To make this process easier, you can use a premium password manager like 1Password. With this tool you can create unhackable passwords, store them securely in an encrypted vault, and have the password manager auto-fill logins for you.
What is an example of a strong password?
A strong password looks something like this: “nSwQTr*A!e9hTP!9”. If you look closely, this password has all the characteristics of a strong password — it is 16 characters long and includes a mixture of lowercase and uppercase letters, symbols, and numbers.
The above password was generated by the SafetyDetectives password generator tool. You can use it to generate any number of long, complex, and strong passwords for free. However, passphrases like “correct-horse-battery-staple” can be just as secure as randomly generated passwords (1Password even includes a passphrase generator — it can make passphrases that are up to 15 words long).
What are the 5 most common passwords?
The 5 most common passwords are:
You should strictly avoid using these passwords or any other password similar to these. These passwords are always the first ones to be tried by cybercriminals during a hacking attack. Moreover, all of these passwords are extremely weak because they are too short, use plain dictionary words or simple number sequences, and completely lack complexity.
You can easily generate strong passwords using one of the techniques I shared above. Even better, you can use a password manager like 1Password to instantly generate secure passwords.