Short on time? Here’s how to create strong passwords in 2023:
1. Install a password manager. Choose a good password manager — I recommend 1Password because it’s secure, easy to use, and affordable. Install the password manager (this only takes a few minutes), and then proceed to step 2.
2. Open the password generator. From your password manager’s main screen, navigate to the password generator tool.
3. Generate and store the password. Generate a password with at least 12 characters and store it in your password manager’s secure vault.
It’s fairly easy to create a strong password in 2023, especially if you use a secure password manager. A good password should be at least 12 random characters, or a passphrase with at least 4 words and 15–20 characters — but most importantly, it should be unique. If you’re using the same password for all of your accounts, all it takes is one successful hack and all of your accounts can be broken into simultaneously.
Even if you generate secure passwords for every site, you could still have your password leaked in a data breach. For example, LinkedIn was breached in early 2021, giving hackers access to over 700 million users’ login information.
That’s why it’s important to use a password manager. Password managers use security tools like random password generators and secure 2FA options to keep your logins secure, even in the face of a data breach.
This article explains the basics of password security, how to create strong passwords, and how to discover if your passwords have been compromised. I also recommend the best password managers of 2023 (hint: 1Password is #1).
Why It’s Important to Create Strong and Unique Passwords
Password cracking tools can hack basic passwords like “qwerty” and “12345” in a few minutes, and there are huge databases of passwords that have been leaked in data breaches. Hackers use these to try to access random accounts.
Phishing attacks are also a major threat — millions of users give away their login information to scam websites every year, with phishing attacks growing hugely over text message and social media in the last few years.
Strong passwords can withstand most password crackers, and using a unique password for each account ensures that not all of your accounts will be compromised if your password gets stolen.
How Do Cyber Criminals Hack Passwords?
There are various password hacking techniques cyber criminals use, such as:
- Phishing attacks — Scam websites, texts, or emails that imitate legitimate entities to steal login data and financial information.
- Data breach — Hackers break into a company’s servers and publish private information (including user login details) to the public.
- Brute force attack — Automated programs that can generate every possible password combination until a match is found, perfect for cracking passwords that are 8 characters or fewer.
- Dictionary attack — Programs run through a prearranged list of common passwords to find a hit for the targeted user. This attack often succeeds against weak and predictable passwords.
- Keylogging & trojans — A keylogger can keep a log of your keystrokes, including usernames and passwords. Trojans take screenshots of your screen or share data from your devices with hackers remotely.
Your passwords could also be leaked accidentally by legitimate websites if they have security weaknesses.
Characteristics of Strong & Secure Passwords vs. Weak Passwords
A secure password has at least 12 characters, it’s unusual, and it hasn’t been used before. The most important characteristic of a strong password is its length. The longer your password is, the longer it takes for hacking software to find a match.
You can also increase the range of passwords possible in a given length by adding complexity. A complex password is one that consists of different kinds of characters like uppercase, lowercase, numbers, and special characters (these are symbols like !, @, #, ?, etc.).
Weak passwords are short, and use basic symbols like numbers and letters, generic language, or personally identifiable information. You can avoid doing this by following my tips on how to create a strong password below.
Best Ways to Create Strong Passwords for All of Your Accounts
The easiest way to create strong passwords for all of your accounts is to use a password manager. You can set the password generator to make random passwords between 12–20 characters, and let the password manager store your logins in an encrypted vault. However, there are other techniques you can use yourself, such as:
The Passphrase Method
With this method, you create a password that is long and unusual, but memorable for you. Think of words and numbers with no logical connection and put them together. For instance, I came up with “Astronauts 94 Book Glass Turnips”. This can become the passphrase “astronauts_94_bookglass_$_turnips”, which is long (33 characters) and unusual, yet easy to remember.
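The sketch below is an added example, not code from this article or from any password manager. It shows what a generator does for the two options discussed here: random passwords of at least 12 characters drawn from all four character classes, and passphrases of at least 4 words. It goes one step beyond the text by picking the words at random and by computing the size of the search space in bits. The symbol set and the 16-word list are constructed for illustration.

```python
import math
import secrets
import string

# Character classes named in the article: lowercase, uppercase, numbers and
# symbols. The exact symbol set is an assumption made for this example.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#?$%^&*-_")
POOL = "".join(CLASSES)

# Constructed 16-word sample list so the example runs offline. A real
# generator draws from thousands of words (the EFF long list has 7,776).
SAMPLE_WORDS = ("astronauts book glass turnips harbor violin cactus marble "
                "lantern pepper saddle thimble orbit walnut quilt ember").split()


def generate_password(length=16):
    """Random password containing at least one character from every class."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(POOL) for _ in range(length))
        # Rejection sampling: every accepted password stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(words=4, wordlist=SAMPLE_WORDS, sep="-"):
    """Passphrase of randomly chosen words (the OS CSPRNG does the choosing)."""
    if words < 4:
        raise ValueError("use at least 4 words")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` symbols is drawn uniformly."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password(12), f"{entropy_bits(len(POOL), 12):.1f} bits")
    print(generate_passphrase(4), f"{entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits")
    print("4 words from a 7,776-word list:", f"{entropy_bits(7776, 4):.1f} bits")
```

The bit counts only hold when the characters or words are chosen at random; a phrase a person makes up is easier to guess than its length suggests.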
The Mnemonic Sentence Method
This method helps you create memorable passwords that appear random and are hard to crack. For example, your sentence may refer to a personal fact that’s important to you, like “I learned to play my first song at 14 years”. Take the initials of each word and create a string of letters that appears random, so the above sentence becomes “iltplm1stSNG@14”. This password is long and easy for you to remember, but hard for cybercriminals to figure out.
Dos and Don’ts of Creating a Strong Password
No matter which method you’re using, keep these password security tips in mind:
- Don’t use short passwords — Password length is the most crucial factor when it comes to password security. Some hackers can break 8-character passwords in a few hours, but cracking a 15-character passphrase is still next to impossible for most hackers. It’s crucial that your passwords are at least 12 characters long.
- Don’t use common phrases — Avoid common phrases like “The sky is blue” or “I love my cat”. Try being more creative and using methods like mnemonic sentences to create hard-to-guess passwords.
- Don’t use personal information — Avoid using your phone number, social security number, birthday, and other similar personal information that others can easily find out.
- Don’t use obvious substitutions — A password like “Tw!st3R” is weak because it is too short and uses obvious substitutions like “!” for I and “3” for “e”.
- Don’t reuse passwords — It’s dangerous to use the same passwords for different accounts because you risk losing all accounts if just one is hacked.
- Change weak passwords — Password managers like 1Password and Dashlane can check the strength of your passwords and allow you to easily change weak ones.
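The tips above can be turned into a small audit routine. This is an added example, not code from the article or from any password manager's strength checker. The common-password set, the substitution table and the finding names are constructed for illustration; a real audit would check against a large dictionary and a breached-password list.

```python
import re

# Constructed sample list so the example runs offline; a real audit would use
# a large dictionary and a breached-password corpus instead.
COMMON = {"qwerty", "12345", "password", "twister",
          "theskyisblue", "ilovemycat"}

# The "obvious substitutions" the tip describes, mapped back to letters.
SUBSTITUTIONS = str.maketrans({"!": "i", "1": "i", "3": "e", "4": "a",
                               "@": "a", "0": "o", "$": "s", "5": "s",
                               "7": "t"})


def squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit(password, personal_info=(), used_elsewhere=()):
    """Return the list of rules from the tips that the password breaks."""
    findings = []
    plain = squash(password)
    unsubstituted = squash(password.lower().translate(SUBSTITUTIONS))

    if len(password) < 12:
        findings.append("too-short")
    if plain in COMMON:
        findings.append("common-phrase")
    elif unsubstituted in COMMON:
        # "Tw!st3R" becomes "twister" once the substitutions are undone.
        findings.append("obvious-substitution")
    if any(squash(item) and squash(item) in plain for item in personal_info):
        findings.append("personal-info")
    if password in used_elsewhere:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    for candidate in ("Tw!st3R", "The sky is blue", "iltplm1stSNG@14"):
        print(candidate, audit(candidate) or "no findings")
```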
It can be difficult to follow these tips manually when you’ve got many accounts. I recommend using a password manager like 1Password, which can automatically generate strong passwords and store them safely.
You can also use our very own SafetyDetectives password generator tool, which produces up to 50 unique passwords at a time and supports a length of up to 50 characters.
Use 2-Factor Authentication (2FA) for Extra Security
2FA requires you to enter a second form of verification along with your password before logging in. That way, hackers need your password and your 2FA credentials to access your account. I encourage you to use 2FA for all your compatible accounts (many password managers, like 1Password, flag 2FA-compatible accounts in your password vault). Also, you should secure your password manager with 2FA.
The most common 2FA options are:
Time-Based One-Time Password (TOTP)
TOTPs are short passcodes that expire after a short period (usually 30 seconds) — the codes are generated by an authenticator app that is synced to generate one-time codes for specific websites. For example, 1Password’s built-in authenticator generates the TOTP code for my PayPal login, so each time I log into PayPal, I enter my password and the one-time passcode from my authenticator.
Biometric Scanners
Biometric scanners identify users based on physical characteristics, like a face scan, fingerprint, or even a voice print. Biometric scanning is one of the most powerful 2FA methods (and it’s super convenient). Popular password managers like Dashlane, 1Password, and Keeper are compatible with biometric scanners on Windows, macOS, Android, and iOS devices.
Hardware Security Keys
USB keys like YubiKey are one-of-a-kind USB keys with built-in security protocols — simply plugging your YubiKey into your device provides verification. USB keys are excellent because they can’t be accessed remotely (TOTP authenticators can), meaning a hacker needs your physical YubiKey to access your 2FA-secured accounts.
Email and SMS Authentication
Email and SMS authentication either requires entering a code sent to your email address or text message inbox, or clicking a link in your inbox to verify your identity. This is one of the least reliable 2FA options since it only keeps you safe if your email account hasn’t been hacked. LastPass provides this option, but many password managers don’t.
Hackers can also perform a “SIM swapping attack”, where they gain user access to your mobile phone number, request an SMS authentication code for your account, and then hack into your account. This is why it’s usually advised to avoid SMS authentication if possible.
Best Password Managers for Keeping Your Passwords Secure
Quick Summary of the Best Password Managers for Keeping Passwords Secure in 2023
1. 🥇 1Password — Best overall password manager in 2023.
2. 🥈 Dashlane — Best additional features (VPN & live dark web monitoring).
3. 🥉 Keeper — Good security, plus extras like 2FA, encrypted chat, and cloud storage.
4. RoboForm — Excellent auto-fill capabilities and low-cost plans.
5. LastPass — User-friendly design with good security features.
🥇1. 1Password — Best Overall Password Manager for Creating & Storing Passwords
1Password is my favorite password manager for Windows, macOS, Android, and iOS devices in 2023. It provides secure 256-bit AES encryption and a ton of great additional features for comprehensive password management.
Its zero-knowledge encryption protocols ensure that nobody — not even 1Password’s staff — can access the information in your account. Plus, 1Password even offers local data storage so you can store your password vault on your own local network (WLAN) instead of 1Password’s servers.
1Password’s password generator is also excellent — its Smart Password option automatically meets any site’s password requirements, plus 1Password has options for generating random passwords (up to 100 characters), passphrases (up to 15 words), and even PIN codes (up to 12 digits).
Plus, 1Password provides useful additional features, like:
- Secure 2FA. Secure your master password with biometric scanning, TOTP authentication, or USB tokens.
- Watchtower. Flags weak passwords in your vault, tells you if any of your saved accounts are 2FA-compatible, and provides live data breach monitoring.
- Travel mode. Hides selected logins from your password vault so border officials can’t access sensitive accounts.
- Privacy cards (US only). Provides encrypted proxy cards for online payments to keep your financial information out of business servers.
- Password sharing. Share encrypted logins with anyone using a temporary 1Password link, or sync vaults with family members (also includes permission controls so kids can’t change your passwords).
- 1GB encrypted storage.
1Password’s individual plan includes all of 1Password’s features for just $2.99 / month. The Families plan is my favorite family password manager plan in 2023, covering 5 users and providing a helpful family sharing dashboard for just $4.99 / month. I also like how 1Password Families allows you to add additional accounts for a small fee. You can try 1Password with a 14-day free trial.
🥈2. Dashlane — Best Additional Features (Including Secure VPN)
Dashlane comes with excellent security and a huge range of extra features. It’s compatible with all major browsers, as well as Windows, Android, macOS, and iOS devices.
To secure stored passwords, Dashlane uses 256-bit AES encryption and undergoes frequent third-party auditing of its zero-knowledge security architecture. This means your information is only stored on your device, and it’s fully encrypted on all of Dashlane’s servers.
Dashlane’s password generator is super easy to use. It can generate passwords between 4 and 40 characters, but it doesn’t have a smart password generator or passphrase generator like 1Password does.
I also like that Dashlane supports 2FA login with TOTP generators, as well as biometric login for Windows, Mac, Android, and iOS. Plus, Dashlane offers some of the best additional features on the market, including:
- Live dark web monitoring.
- Virtual private network (VPN).
- Emergency access.
- Password security auditing.
- Secure password sharing.
Dashlane offers all of its features and unlimited password storage with its three premium plans, Advanced (1 user), Premium (1 user), and Friends & Family (10 users). You can get 25% off Dashlane Premium when you enter SAFETYD25 at checkout, so it’s only $2.00 / month.
🥉3. Keeper — Wide Range of 2FA Options + Extras like Encrypted Chat
Keeper is a highly secure password manager with excellent 2FA options, great usability, and some useful extras.
Keeper’s password generator can create passwords up to 100 characters long including letters, numbers, and symbols. With its browser extension, you can easily generate new passwords with a single click in Chrome, Firefox, Edge, Safari, and more.
Keeper also provides heaps of 2FA options, including biometric scanning, smartwatch compatibility for iOS and Android, USB key functionality, and a built-in TOTP authenticator.
In addition, Keeper provides:
- Dark web monitoring.
- Password security auditing.
- Encrypted messaging.
- Cloud storage (10-100 GB).
- Secure password sharing.
I really like KeeperChat, Keeper’s encrypted messaging app. It provides features like timed self-destruction, message retraction, and a secure photo and video gallery.
Keeper’s Unlimited plan includes unlimited password storage and devices, and you can also get dark web monitoring and cloud storage as add-ons. There’s also a family version, which supports 5 accounts. I don’t like that you have to pay extra for dark web monitoring (1Password and Dashlane both include dark web monitoring in all of their plans) but Keeper is still a great value for only $3.75 / month.
4. RoboForm — Best Form Filler + Low Cost Plans
RoboForm provides top-notch security features and impressive auto-filling capabilities. Its password generator tool is easy to use, provides decent customization, and has an enormous 512-character password limit!
RoboForm includes an authenticator app, supports biometric logins, and syncs really well with major authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator. However, it isn’t compatible with USB 2FA keys like YubiKey (which 1Password is).
I really like RoboForm’s auto-filling capabilities — it has 8 templates, and in my testing it accurately filled out a variety of forms, from vehicle registration to my business address.
RoboForm provides these extras:
- Password security auditing.
- Secure password sharing.
- Bookmark storage.
- Emergency access.
RoboForm lacks some helpful extras like encrypted storage (which 1Password and Dashlane have), but it offers a great value. There are 3 plans available: RoboForm Free, RoboForm Everywhere, and RoboForm Everywhere Family. The RoboForm Everywhere plan supports 1 user, while RoboForm Everywhere Family covers up to 5 users. You can get RoboForm Everywhere for just $1.15 / month.
5. LastPass — Best for Ease-of-Use
LastPass provides a ton of good features in a very intuitive interface. It uses 256-bit AES encryption to protect user data, follows a zero-knowledge policy, and includes 2FA compatibility with TOTP apps, biometric scanners, and USB tokens.
LastPass also includes helpful in-app tutorials to guide new users throughout its interface. While many of the apps on my list (especially 1Password) provide excellent online knowledge bases, LastPass’s in-app text boxes conveniently explain things like importing passwords, editing your vault, auditing your passwords, sharing passwords, and much more.
LastPass offers 3 plans for Windows, macOS, Android, and iOS users — LastPass Free, LastPass Premium, and LastPass Families. LastPass Free offers unlimited password storage (but only on mobile or desktop, not both) and most of LastPass’s premium features. But LastPass Premium offers unlimited password storage on all devices for only $3.00 / month, and LastPass Families covers up to 6 users for only $4.00 / month.
Comparison of the Best Password Managers for Creating Strong Passwords
| Password manager | Starting Price | Free Plan | Password generator length | 2FA Options | Unique Extras |
| --- | --- | --- | --- | --- | --- |
| 1. 🥇 1Password | $2.99 / month | No (2-week free trial) | Up to 100 characters, 15 words, or 12 numbers | TOTP generator, biometric logins, USB keys | Share passwords with non-users, family vault sharing, data breach monitoring, local data storage, encrypted payment cards (US only) |
| 2. 🥈 Dashlane | $2.00 / month | 1 device, unlimited passwords | Up to 40 characters | TOTP generator, biometric logins | VPN, live dark web monitoring |
| 3. 🥉 Keeper | $3.75 / month | 1 device, unlimited passwords | Up to 100 characters | TOTP generator, biometric logins, USB keys | Encrypted messaging, up to 100 GB secure storage |
| 4. RoboForm | $3.75 / month | 1 device, unlimited passwords | Up to 512 characters | TOTP generator, biometric logins | Excellent auto-filling capabilities, bookmark storage |
| 5. LastPass | $3.00 / month | Yes, unlimited passwords (either desktop or mobile only) | Up to 100 characters | TOTP generator, biometric logins, USB keys | Advanced 2FA settings, multiple account recovery options |
FAQs — How to Create Strong Passwords in 2023
How do I create strong passwords and remember them?
The best and easiest way to create a strong password is simply to use a password manager. They include password generators that can create super complex and unique logins for all of your accounts — and they store those logins in a secure encrypted vault, auto-filling logins with a single click. 1Password is our #1 password manager for 2023.
But for all you password manager haters out there, here’s a fun mnemonic technique: pick a sentence that is meaningful to you and use the initials of every word to create your password.
For example, as I’ve explained above, your sentence could be “I learned to play my first song at 14 years”. Using the initials of every word, varying letters by uppercase and lowercase, and adding symbols, this can be turned into “iltplm1stSNG@14”. This is easier to remember than a completely random string of characters.
How long is a strong password?
A strong password is at least 12 characters long. While many websites still restrict minimum password length to 8 characters, it’s no longer a safe length. Some hackers have already built tools that can crack an 8-character password in less than 6 hours. Of course, it’s not helpful to have a long password if you’re using it for all of your accounts — you need to use unique passwords for each login.
However, creating long passwords for all of your accounts can get overwhelming. To make this process easier, you can use a premium password manager like 1Password. With this tool you can create unhackable passwords, store them securely in an encrypted vault, and have the password manager auto-fill logins for you.
What is an example of a strong password?
A strong password looks something like this: “nSwQTr*A!e9h”. If you look closely, this password has all the characteristics of a strong password — it is 12 characters long and includes a mixture of lowercase and uppercase letters, symbols, and numbers.
The above password was generated by SafetyDetectives’ password generator tool. You can use it to generate any number of long, complex, and strong passwords for free. However, passphrases like “correct-horse-battery-staple” can be just as secure as randomly generated passwords (1Password even includes a passphrase generator — it can make passphrases that are up to 15 words long).
What are the 5 most common passwords?
The 5 most common passwords are:
You should strictly avoid using these passwords or any other password similar to these. These passwords are always the first ones to be tried by cybercriminals during a hacking attack. Moreover, all of these passwords are extremely weak because they are too short, use plain dictionary words or simple number sequences, and completely lack complexity.