10 Tips To Create A Strong Password In 2024

10 Tips To Create A Strong Password In 2024 Banner
Gareth Shelwell author profile photo
Gareth Shelwell Last Updated: July 05, 2024

Creating a strong password is the first line of defense in securing your online identity and protecting your digital life. But what makes a good password? It's not just about choosing something hard to guess; it involves creating lengthy, complex combinations that are memorable.

In this blog post, we'll guide you on crafting formidable passwords that would take centuries to crack. Best of all, we'll share techniques to help you remember these seemingly impossible passwords.

Technical Note:

We've used zxcvbn, a password strength estimator, to provide an estimated time it would take to crack each password. Additionally, we're taking a conservative approach, assuming that the password hash is very secure, making it hard to crack and that an attacker is guessing 10,000 passwords per second.

1. Long Passwords Are Strong Passwords

Longer passwords are more secure than shorter ones. Aim for at least 12 to 16 characters. Short passwords are easily guessed and susceptible to brute-force attacks. This is when attackers use computing power to systematically guess every possible combination until the correct one is found. Using a long password increases the number of possible combinations, making this type of attack less feasible.

In the examples below, you can see how the length of the password drastically changes the time it takes to crack.

🔒 6 character password example: P@ssw* 
🔒 8 character password example: P@ssw*rd 
🔒 12 character password example: LongP@ssw*rd 
🔒 16 character password example: LongP@ssw*rd*#*^ 

2. Utilize Phrases or Sentences

Consider using a passphrase—a series of words that create a phrase. This can be easier to remember and harder for attackers to crack, especially if you throw some numbers and symbols in the mix.

In this example, we'll transform a relatively weak 12 character password into a truly formidable password that would take centuries to crack.

🔒 Example of what to avoid: HotChocolate 
🔒 Strong password example: HotChocolateOnRa1nyDays!  

3. Use Password Padding

Padding involves the strategic addition of seemingly random characters to your password to increase its length and complexity, making it harder for attackers to crack. This method is especially effective when the added characters include symbols or a mix of symbols and numbers. It can easily transform an average password into an excellent password.

Let's see this technique in action.

🔒 Password without padding: CoffeeForDinner 
🔒 Password with padding: ^(CoffeeForDinner)^ 

4. Avoid Common Words And Phrases

Simple words, phrases, or patterns (like "password" or "123456") are easily guessable. Avoid using easily accessible personal information such as birthdays, names, or common words found in dictionaries. Moreover, password-cracking tools often start with common passwords and frequently used combinations before proceeding to more complex and time-consuming brute-force methods.

🔒 Example of what to avoid: Peter123 
🔒 Strong password example: PeterCr@vesTuna712 

5. Use a Mixture Of Characters

A strong password should include uppercase and lowercase letters, numbers, and special characters. This diversity makes it harder for attackers to guess or crack your password. To increase the length and strength of your passwords further, add special characters before and after.

🔒 Example of what to avoid: securityrocks 
🔒 Good alternative: S3cur!TyR0cks# 
🔒 Great alternative: #S3cur!TyR0cks# 

6. Incorporate Mnemonics

Using mnemonics is a clever way to help you create and remember complex passwords. To make your own mnemonic password, use the first letter of each word in a sentence you can easily recall—bonus points for adding special characters!

Example sentence: "My dog Baxter eats 3 carrots & 4 apples for dinner every night!"

🔒 Password: MdBe3c&4afden! 

7. Avoid Sequential Or Repeated Characters

Sequences like "1234" or repetitive characters like "aaaaa" are weak and easily guessable. Ensure your password avoids such patterns.

Take note of how, in the example, the same characters, arranged in a different order, change how difficult a password is to crack.

🔒 Example of sequential and repeated characters: 12345aaaa 
🔒 Better password example: a45a31a2a 

8. Use A Base Phrase For Different Accounts

Using the same password across multiple accounts increases your vulnerability if one account gets compromised. By using a base phrase, you only need to make minor adjustments for each account. For instance, by appending "4Me!2024" to the end of unique identifiers tailored to different services, you can effortlessly generate secure passwords that present a formidable challenge for would-be hackers, potentially taking years to crack, and are also simple to remember.

🔒 Email: Email4Me!2024* 
🔒 Online Banking OnlineBanking4Me!2024* 
🔒 Facebook: Facebook4Me!2024* 

9. Update Passwords Regularly Using Themes

Change your passwords periodically to reduce the risk of being compromised. This doesn't mean you need to change them every week, but doing so every few months or when there's been a breach reported is a good practice.

Use a theme to make it easier to remember your passwords. Here are some ideas that can help you change your passwords often while keeping them easy to remember.

🔒 Example before update: MyPorcheDr3@ms* 
🔒 Example after update: MyFerrariDr3@ms* 
🔒 Future update: MyBentleyDr3@ms* 

10. Use a Password Manager

Rounding out our top 10 tips to create strong passwords in 2024 is to use a password manager. Remembering a unique, complex password for each of your accounts can be daunting. Password managers can generate, retrieve, and store complex passwords for you, so you only need to remember one secure master password.

🔒 Example from a password generator: Yf&9kZ!b2$4w211^#*ssZ 

Implementing These Tips

Creating a strong password may seem challenging, but incorporating these tips can make the process more manageable and your accounts more secure. Here's how to put these tips into action:

  • Start by brainstorming a phrase or sentence that's meaningful to you. This can be anything from a favorite quote to a random sentence you can easily remember.
  • Modify this phrase by substituting letters with numbers and symbols and incorporating a mix of uppercase and lowercase letters.
  • Ensure the final result is long enough (at least 12 characters) and doesn't contain common words, phrases, or sequences. Add padding to your passwords for ultimate security.
  • Use a different variation of this password for each of your accounts.

By following these tips, you can significantly enhance your online security. Remember, the effort you put into creating strong passwords is a crucial investment in safeguarding your online identity and privacy.

Blog Post

Your password is only as secret as you keep it.

Should you change your password if you suspect you've clicked on a phishing link?

Read our blog to find out!

Frequently Asked Questions

When creating a strong password, what is the most important element?

The most important element is complexity, which includes a mix of uppercase and lowercase letters, numbers, and symbols. An example of a complex password is "^(Li0nsGoRo@R)*".

How to create a strong password with 8 characters?

While using only 8 characters does limit a password's potential strength—since it's generally recommended to opt for passwords with at least 12 characters—you can still maximize its effectiveness. To do this, employ a mix of uppercase and lowercase letters, numbers, and symbols. For instance, "N4&vQ2!p" is a solid example of how to blend these elements into a more secure 8-character password.

What is a good password?

A good password is long (12 characters or more), unique, and contains a mix of characters (letters, numbers, and symbols) without any personal information or common patterns. For example: "^%Pl@Y!NiCE2024" is a good password.

How to create a password?

Start with a phrase or acronym that's easy to remember, substitute some letters with numbers and symbols, mix in uppercase and lowercase letters, and ensure it's at least 12 characters long. Let's use the phrase "When pigs fly" to create a strong password: "#!WhenP1gZFlY#!".

Gareth Shelwell author profile photo
Written by

Gareth Shelwell

An Operations Manager dedicated to helping you safely swim amongst the internet of phish!