One of the simplest ways for a hacker to gain control of your online accounts is by getting hold of your password. Sometimes, they do this through brute force attacks — automatically checking millions of random permutations — or by working through words in the dictionary. Sometimes, they’ll use credential stuffing, exploiting the fact that many people reuse passwords across different sites. While parts of the tech world are pushing users toward a passwordless future, we’re constantly told that it's important to always use really strong passwords — but what does this mean in practice? We look at how to create a strong password and help keep your online accounts safe from attack.

What Is A Good Password?

A good password is, essentially, one that is impossible or very difficult for an attacker to guess. That means avoiding anything obvious — “password” or “123456” for example, both of which are surprisingly frequently used.

Generally speaking, the longer a password is, the better, and it should include a combination of upper-case letters, lower-case letters, numbers and symbols. While a combination of real words and other symbols is fine, using the name of your child or your favorite sports team is a really bad idea. And you should make sure that each password you use is unique — never reuse a password, or even a very similar one, across more than one site.

3 Methods For Creating A Strong Password

If you’re coming up with a password yourself, you could, of course, simply bash your keyboard at random and use whatever comes out — and that's actually not a bad way of doing it. You should make sure that whatever you come up with is reasonably long and complex.

Some cyber experts recommend using a passphrase — several words strung together — as a starting point, although anything like a song lyric or famous quotation is a really bad idea. It’s also less clever than you might think to use special characters in place of normal letters — 'pa$$w0rd', or the like — as hackers are on to that one. Finally, there are a number of password generators online that will come up with one for you that should fulfill all the criteria for a good password.
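To show why swapping symbols for letters adds so little, here is a short check that undoes the usual swaps before comparing a candidate against known-weak choices. It is an added example, not part of the original article; the substitution table, the tiny blocklist and the function names are assumptions made for illustration.

```python
# Common look-alike swaps, mapped back to the letters they stand for.
LEET = str.maketrans({"$": "s", "0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "!": "i"})

# Constructed sample blocklist; a real check would use a large list of
# known-breached passwords.
COMMON = {"password", "123456", "qwerty", "letmein"}
MIN_LENGTH = 14  # minimum length quoted in the article


def normalize(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LEET)


def weak_reasons(password, personal_terms=()):
    """Return the reasons a candidate fails; an empty list means none found."""
    reasons = []
    plain = normalize(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    # Compare both the raw and the normalized form, so digit-only entries
    # such as "123456" still match after the translation step.
    if password.lower() in COMMON or plain in COMMON:
        reasons.append("common password")
    for term in personal_terms:
        if term and normalize(term) in plain:
            reasons.append(f"contains personal term: {term}")
    return reasons


if __name__ == "__main__":
    for candidate in ("pa$$w0rd", "123456", "MyCatTibbles"):
        print(candidate, weak_reasons(candidate, personal_terms=["Tibbles"]))
```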

Option 1: Use Random Characters

Using a random string of upper- and lower-case letters, symbols and numbers should usually generate a very strong password.

The longer it is the better, with security experts recommending that it should have at least 14 characters. Obviously, this won’t exactly be easy to remember — but there are dozens of free password manager services online that you can use to do the job for you.

Option 2: Use A Passphrase

To create a password that’s secure but a little easier to remember, many security agencies, including the U.S.'s Cybersecurity and Infrastructure Security Agency, suggest the use of a passphrase.

One way to do this is to think of three random words and string them together — needless to say, they should be random, rather than a part of a well-known phrase or something based on personal information, such as 'MyCatTibbles', for example.

Option 3: Use A Password Generator

Perhaps the simplest solution for coming up with a really strong password is to use a password generator, which does all the hard work for you.

Password generators use random number generators to create strong, random passwords with no patterns or predictable sequences. Most allow you to customize your passwords, and will store them securely — so that the only one you’ll have to remember is the one for the password manager itself.
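The following sketch shows what such a generator does for Option 1 and Option 2, using Python's `secrets` module as the random source. It is an added example, not code from the article or from any particular password manager; the symbol set, the 16-word sample list and the function names are assumptions.

```python
import math
import secrets
import string

SYMBOLS = "!#$%&()*+-=?@[]^_{}"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 14  # minimum length quoted in the article

# Constructed sample list, far too small for real use; a real generator
# draws from a published list of several thousand words.
WORDS = ["anchor", "breeze", "candle", "dragon", "ember", "falcon", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
         "orchid", "pebble"]


def random_password(length=MIN_LENGTH):
    """Option 1: random characters drawn from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw until every character class appears, so no position is fixed.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_passphrase(n_words=3, wordlist=WORDS):
    """Option 2: words chosen independently and uniformly, never by hand."""
    return "".join(secrets.choice(wordlist).capitalize() for _ in range(n_words))


def entropy_bits(choices, picks):
    """Upper bound in bits for `picks` independent uniform draws from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), f"~{entropy_bits(len(ALPHABET), MIN_LENGTH):.0f} bits")
    print(random_passphrase(), f"~{entropy_bits(len(WORDS), 3):.0f} bits (sample list)")
    # Three words from a 7,776-word list give about 38.8 bits.
    print(f"{entropy_bits(7776, 3):.1f}")
```

The entropy figure depends on the size of the list and the number of picks, not on how unusual the resulting words look.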

Examples Of A Strong Password

When it comes to creating a strong password, the longer it is, the better. It’s usually recommended that it should have at least 14 characters.

A strong password will usually contain a mixture of upper- and lower-case letters, numbers and symbols, although it’s also possible to create a good one by stringing together a series of unrelated words. There’s no need to tailor a password to a particular site, although some will require you, for example, to use a minimum number of characters or to include numbers or symbols. One hard-and-fast rule is that you should never reuse the same or very similar passwords on more than one site — and don't use any of the examples given below, just in case hackers are reading this article too.

Example 1: Random Letters And Characters

This password — “qo34inhj#’;[ladfbyulB” — was produced by hitting the keyboard randomly, and includes a mixture of letters and other characters. It's a good length, contains no personal information, and is obviously impossible to guess.

It does have one flaw, which is the lack of an upper-case letter — adding a couple in would make it even stronger.

Example 2: A Passphrase

A passphrase consisting of several real words is an awful lot easier to remember than a randomly-generated password, making it an attractive option. However, you shouldn’t be tempted to use related words or a quotation, such as 'BigBrownDog' or 'ShallICompareThee', as this could potentially be guessable.

Instead, use completely unrelated words, such as 'BillPlantKitchenEngine'. A passphrase will be stronger if it, too, contains numbers or special symbols: 'Bill&PlantKitchenEngine1', for example.

Example 3: Personal Meaning

An ideal password is one that you can remember, but others can’t guess, and one possibility is to create one based on a string of characters that means something to you, but nothing to anyone else.

You could, for example, start with the sentence 'My new house is in San Francisco and is painted white with blue trim'; then take the last letter of each word to come up with 'ywesnnodsdehem'. This does have the failing that it lacks upper-case letters or symbols, but could easily be improved by adding a couple in.

Example 4: Use Another Form Of Identification Instead

Some sites allow you to use alternative methods to verify your identity and access your account. This may be facial recognition, a fingerprint or a passkey, which will be sent to you by text or email and which you then use to sign in.

All these methods are more secure than passwords — and in the case of biometric identification, are also quicker to use and a good deal less hassle.

Bottom Line

We’re constantly told about the importance of using a strong, unique password — but it's not necessarily clear how to do that. A good password is one that's impossible to guess, so you should avoid anything obvious or based on findable information, like your children's names. Go for something long, with a mixture of letters and symbols instead.

Frequently Asked Questions (FAQs)