Short on time? Here’s how to create strong passwords in 2024:
- Install a password manager. Choose a good password manager — I recommend 1Password because it’s secure, easy to use, and affordable. Install the password manager (this only takes a few minutes), and then proceed to step 2.
- Open the password generator. From your password manager’s main screen, navigate to the password generator tool.
- Generate and store the password. Generate a password with at least 16 characters and store it in your password manager’s secure vault.
It’s easy to create a strong password in 2024, especially if you use a secure password manager. A good password should have at least 16 random characters, or you can use a passphrase with at least 4 words and 15–20 characters — but the most important thing is that it should be unique. If you’re using the same password for all of your accounts, all it takes is one successful hack, and all of your accounts can be broken into simultaneously.
It’s great to generate secure passwords for every site you use, but even if you do, you could still have your password leaked in a data breach. For example, LinkedIn was breached in early 2021, giving hackers access to over 700 million users’ login information.
That’s why it’s important to use a password manager. Password managers use security tools like random password generators and secure 2FA options to keep your logins secure, even in the face of a data breach.
This article explains the basics of password security, how to create strong passwords, and how to discover if your passwords have been compromised. I also recommend using a password manager (hint: 1Password is #1).
Why It’s Important to Create Strong and Unique Passwords
Password cracking tools can hack basic passwords like “qwerty” and “12345” in a few minutes, and there are huge databases of passwords that have been leaked in data breaches. Hackers use these to try to access random accounts.
Phishing attacks are also a major threat — millions of users give away their login information to scam websites every year, with phishing attacks growing hugely over text message and social media in the last few years.
Strong passwords can withstand most password crackers, and using a unique password for each account ensures that not all of your accounts will be compromised if one password gets stolen.
How Do Cyber Criminals Hack Passwords?
There are various password hacking techniques cyber criminals use, such as:
- Phishing attacks — Scam websites, texts, or emails that imitate legitimate entities to steal login data and financial information.
- Data breach — Hackers break into a company’s servers and publish private information (including user login details) to the public.
- Brute force attack — Automated programs that can generate every possible password combination until a match is found, perfect for cracking passwords that are 8 characters or fewer.
- Dictionary attack — Programs run through a prearranged list of common passwords to find a hit for the targeted user. This attack often succeeds against weak and predictable passwords.
- Keylogging & trojans — A keylogger can keep a log of your keystrokes, including usernames and passwords. Trojans take screenshots of your screen or share data from your devices with hackers remotely.
Your passwords could also be leaked accidentally by legitimate websites if they have security weaknesses.
Characteristics of Strong & Secure Passwords vs. Weak Passwords
A secure password has at least 16 characters, is unusual, and hasn’t been used before. The most important characteristic of a strong password is its length. The longer your password is, the longer it takes password-cracking software to find a match.
You can also add complexity to increase the range of passwords possible in a given length. A complex password is one that consists of different kinds of characters like uppercase, lowercase, numbers, and special characters (these are symbols like !, @, #, ?, etc.).
Weak passwords are short and use basic symbols like numbers and letters, generic language, or personally identifiable information. You can avoid doing this by following my tips on how to create a strong password below.
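The length-versus-complexity point above can be put into numbers. This is an added example, not code from any password manager mentioned in this article: it generates a random password with Python's `secrets` module and compares entropy for short and long passwords. The 8-symbol special-character set and the function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# The four character classes the article names; the symbol set is an assumption.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#?$%&*")
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 8 = 70 characters

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy when every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def generate_password(length: int = 16) -> str:
    """Draw a password from the OS CSPRNG that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length is too short to hold one character of each class")
    while True:
        # Resample whole candidates instead of patching characters in, so the
        # accepted passwords stay uniformly distributed.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def compare() -> dict:
    """Entropy for short/long and simple/complex choices."""
    return {
        "8 lowercase": entropy_bits(26, 8),
        "8 mixed": entropy_bits(len(ALPHABET), 8),
        "16 lowercase": entropy_bits(26, 16),
        "16 mixed": entropy_bits(len(ALPHABET), 16),
    }

if __name__ == "__main__":
    print(generate_password(16))
    for label, bits in compare().items():
        print(f"{label:>13}: {bits:5.1f} bits")
```

A 16-character lowercase-only password (about 75.2 bits) has more entropy than an 8-character password using all four classes (about 49.0 bits). These figures hold only for randomly generated passwords, not for ones a person made up.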
Best Ways to Create Strong Passwords for All of Your Accounts
The easiest way to create strong passwords for your accounts is to use a password manager. You can set the password generator to make random passwords between 16–20 characters, and let the password manager store your logins in an encrypted vault.
However, there are other techniques you can use yourself, such as:
The Passphrase Method
With this method, you create a password that’s long, unusual, but memorable for you. Think of words and numbers with no logical connection and put them together. For instance, I came up with “Astronauts 94 Book Glass Turnips”. This can become the passphrase “astronauts_94_bookglass_$_turnips”, which is long (33 characters) and unusual, yet easy to remember.
The Mnemonic Sentence Method
This method helps you create memorable passwords that seem random and are hard to crack. For example, your sentence may refer to a personal fact that’s important to you, like “I learned to play my first song at 14 years”. Take the initials of each word and create a string of letters that appears random, so the above sentence becomes “iltplm1stSNG@14”. This password is long and easy for you to remember, but hard for cybercriminals to figure out.
Dos and Don’ts of Creating a Strong Password
No matter which method you’re using, keep these password security tips in mind:
- Don’t use short passwords — Password length is the most crucial factor when it comes to password security. Some hackers can break 8-character passwords in a few hours, but cracking a 15-character passphrase is still next to impossible for most hackers. It’s crucial that your passwords are at least 12 characters long (16 or more is even better).
- Don’t use common phrases — Avoid common phrases like “The sky is blue” or “I love my cat”. Try being more creative and using methods like mnemonic sentences to create hard-to-guess passwords.
- Don’t use personal information — Avoid using your phone number, social security number, birthday, and other similar personal information that others can easily find out.
- Don’t use obvious substitutions — A password like “Tw!st3R” is weak because it is too short and uses obvious substitutions like “!” for I and “3” for “e”.
- Don’t reuse passwords — It’s dangerous to use the same passwords for different accounts because you risk losing all accounts if just one is hacked.
- Change weak passwords — Password managers like 1Password and Dashlane can check the strength of your passwords and allow you to easily change weak ones.
It can be difficult to follow these tips manually when you’ve got many accounts. I recommend using a password manager like 1Password, which can automatically generate strong passwords and store them safely.
You can also use our very own SafetyDetectives password generator tool, which produces up to 50 unique passwords at a time and supports a length of up to 50 characters.
Use 2-Factor Authentication (2FA) for Extra Security
2FA requires you to enter a second form of verification along with your password before logging in. That way, hackers need your password and your 2FA credentials to access your account. I encourage you to use 2FA for all your compatible accounts (many password managers flag 2FA-compatible accounts in your password vault). Also, you should secure your password manager itself with 2FA.
The most common 2FA options are:
Time-Based One-Time Password (TOTP)
TOTPs are short passcodes that expire after a short period (usually 30 seconds) — the codes are generated by an authenticator app that is synced to generate one-time codes for specific websites. For example, 1Password’s built-in authenticator generates the TOTP code for my X/Twitter login, so each time I log into X, I enter my password and the one-time passcode from my authenticator.
Biometric Authentication
Biometric scanners identify users based on physical characteristics, like a face scan, fingerprint, or even a voice print. Biometric scanning is one of the most powerful 2FA methods (and it’s super convenient). Popular password managers like 1Password, Dashlane, and Keeper are compatible with biometric scanners on Windows, macOS, Android, and iOS devices.
Hardware Security Keys
Hardware keys like YubiKey are one-of-a-kind USB devices with built-in security protocols. Simply plugging your key into your device provides verification. USB keys are excellent because they can’t be accessed remotely (TOTP authenticators can), meaning a hacker needs your physical USB key to access your 2FA-secured accounts.
Email and SMS Authentication
Email and SMS authentication requires entering a code sent to your email address or text message inbox, or clicking a link in your inbox to verify your identity. This is one of the least reliable 2FA options since it only keeps you safe if your email account hasn’t been hacked. LastPass provides this option, but many password managers don’t.
Hackers can also perform a “SIM swapping attack”, where they gain control of your mobile phone number, request an SMS authentication code for your account, and then use that code to break into your account. This is why it’s usually advised to avoid SMS authentication if possible.
Frequently Asked Questions
How do I create strong passwords and remember them?
The best and easiest way to create a strong password is to use a password manager. They include password generators that can create super complex and unique logins for all of your accounts — and they store those logins in a secure encrypted vault, auto-filling logins with a single click. 1Password is our #1 password manager for 2024.
How long is a strong password?
For secure passwords, aim for a minimum of 12 characters. Passwords of 8 characters are outdated and unsafe; some hacking tools can breach them in less than 6 hours. Also, using the same long password for multiple accounts is counterproductive; each password should be unique.
But generating lengthy passwords for every one of your accounts can become daunting. To simplify this task, you could use a superior password manager such as 1Password. This tool allows you to generate impenetrable passwords, save them safely in an encrypted vault, and auto-fill login details when you sign into your accounts.
What is an example of a strong password?
A strong password looks something like this: “nSwQTr*A!e9hTP!9”. If you look closely, this password has all the characteristics of a strong password — it is 16 characters long and includes a mixture of lowercase and uppercase letters, symbols, and numbers.
The above password was generated by the SafetyDetectives password generator tool. You can use it to generate any number of long, complex, and strong passwords for free. However, passphrases like “correct-horse-battery-staple” can be just as secure as randomly generated passwords (1Password even includes a passphrase generator — it can make passphrases that are up to 15 words long).
What are the 5 most common passwords?
The 5 most common passwords are:
- 123456
- 123456789
- qwerty
- password
- 12345
You should strictly avoid using these passwords or any other password similar to these. These passwords are always the first ones to be tried by cybercriminals during a hacking attack. Moreover, all of these passwords are extremely weak because they are too short, use plain dictionary words or simple number sequences, and completely lack complexity.
You can easily generate strong passwords using one of the techniques I shared above. Even better, you can use a password manager like 1Password to instantly generate secure passwords.