The Importance of Strong Passwords and Best Practices for Creating Them

Passwords are the keys to your online accounts, and if they fall into the wrong hands, they can compromise your privacy, security, and identity. According to the Verizon Data Breach Investigations Report, compromised passwords are responsible for 81% of hacking-related breaches. Therefore, it is crucial to create and use strong passwords that can withstand common attacks and protect your online identity.

What is a strong password?

A strong password is one that is hard to guess or crack by humans or machines. It should meet the following criteria:

  • At least 12 characters long. The longer the password, the more combinations it can have, and the more time and resources it would take for an attacker to crack it. For example, a 12-character password with mixed case letters, numbers, and symbols has about 3.2 x 10^21 possible combinations, while a 6-character password with only lowercase letters has only about 3.1 x 10^8 possible combinations.
  • A combination of uppercase letters, lowercase letters, numbers, and symbols. This increases the complexity and entropy of your password, making it harder to guess or brute-force. Avoid using common substitutions like “0” for “o” or “1” for “l”, as attackers can easily try these variations.
  • Not a word that can be found in a dictionary or the name of a person, character, product, or organization. These are easy to guess by using dictionary attacks or social engineering techniques. For example, using your pet’s name, your favorite movie, or your birthday as your password is a bad idea.
  • Significantly different from your previous passwords. Reusing passwords or making minor changes to them can expose you to credential-stuffing attacks, where attackers use stolen passwords from one site to try to access other sites. If one of your accounts is compromised, you should change all your passwords that are similar or related to it.
  • Easy for you to remember but difficult for others to guess. A strong password is useless if you can’t remember it or have to write it down somewhere insecure. A good way to create a memorable password is to use a passphrase, which is a sentence or phrase that you can easily recall but is not common or predictable. For example, you could use “6MonkeysRLooking^” as a password based on a memorable phrase.

How to create and use strong passwords?

Creating a strong password is easier than you think. Here are some tips to follow:

  • Use a password manager. A password manager is a software application that securely stores and fills in your passwords for different websites. It can also generate random and strong passwords for you and alert you if any of your passwords are compromised or reused. Some examples of password managers are LastPass, Dashlane, and 1Password. You can also use Microsoft Edge’s built-in password manager feature.
  • Use a unique password for each website. This way, if one of your accounts is breached, the rest of your accounts will not be affected. You should also avoid using the same username or email address for different accounts, as this can make it easier for attackers to find and target you.
  • Don’t share your password with anyone. Not even with your friends or family members. Sharing your password can expose you to unauthorized access, identity theft, or phishing scams. Never send your password by email, instant message, or any other means of communication that are not reliably secure.
  • Enable multifactor authentication (MFA) whenever available. MFA requires more than one kind of credential to sign in to an account — such as requiring both a password and a one-time code generated by an app or sent to your phone. This adds another layer of security in case someone guesses or steals your password. Many websites offer MFA options, such as Google, Facebook, and Twitter.


Passwords are an essential part of your online security and privacy. By following the best practices for creating and using strong passwords, you can reduce the risk of falling victim to cyberattacks and protect your online identity.