How to Create a Strong Password
Quick Answer
Strong passwords tend to be long, random and have a mix of character types. Making sure your passwords don’t follow a pattern and having a secure system for storing your passwords is also important for keeping your accounts safe.

Creating strong and unique passwords is the bare minimum for keeping your accounts safe. Hackers can use different methods to break into accounts, such as cracking and guessing your password. And weak or compromised passwords have led to data breaches that expose millions of people's personal information—including more passwords.
5 Tips for Creating a Strong Password
Coming up with a single strong password isn't necessarily difficult, but creating and managing strong passwords for all your accounts can feel like a chore. Use these tips to evaluate and wrangle your passwords.
1. Use Long Passwords With Different Characters
Many online accounts require a minimum password length, such as eight or 10 characters. But try to do more than the minimum. Longer passwords are stronger than short passwords, especially when they contain a mix of lowercase letters, uppercase letters, numbers and symbols.
For example, hackers might be able to crack an eight-character password that only has numbers or lowercase letters within a day. But it might take seven years to crack an eight-character password that has lowercase and uppercase letters, numbers and symbols.
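To see how length and character mix change the number of guesses an attacker has to cover, the sketch below (an added example, not from the original article) generates a random password with Python's `secrets` module and measures the search space in bits. The function names and the 16-character default are assumptions chosen for illustration.

```python
import math
import secrets
import string

# The four character types named in the tip above.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def entropy_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def generate_password(length=16, classes=("lower", "upper", "digit", "symbol")):
    """Draw from the OS CSPRNG, re-drawing until every requested class appears."""
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def compare():
    """Search space, in bits, for the cases the tip contrasts plus a longer password."""
    full = sum(len(chars) for chars in CLASSES.values())  # 26 + 26 + 10 + 32 = 94
    return {
        "8 digits": round(entropy_bits(8, 10), 1),
        "8 lowercase": round(entropy_bits(8, 26), 1),
        "8 mixed": round(entropy_bits(8, full), 1),
        "16 mixed": round(entropy_bits(16, full), 1),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:12s} {bits:6.1f} bits")
    print("sample:", generate_password())
```

Each extra bit doubles the number of guesses needed, so doubling the length of a mixed password adds far more than widening the character set of a short one.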
2. Create New Passwords for Each Account
Reusing the same password for multiple accounts can be a dangerous habit. If your password is exposed in a data breach, the hackers may sell the stolen information to countless criminals on the dark web and in criminal forums. In turn, they can attempt to use the same password to log in to your accounts at other companies.
3. Make Every Password Unique
Using a pattern or common element can make remembering passwords easier. For example, if your password is "pet's name + 123#@! + company name," that might look like Fluffy123#@!Experian. It's a fairly long and complex password that's strong by some standards. However, using the same pattern for every account makes your passwords easy to guess.
Imagine a hacker is looking at a spreadsheet with three of your accounts and their passwords. It won't be difficult to spot this pattern and guess the password for your online bank account.
A more complex pattern isn't the answer. Password-cracking tools are much better at finding patterns than humans. Instead, make sure your passwords are unique in every sense of the word.
4. Try a Password Manager
Creating strong and unique passwords that don't rely on a pattern can be difficult if you also want to remember and easily type your passwords.
A password manager can help solve this problem by creating, storing and entering passwords on your behalf. You'll only need to remember one password to access your password manager—and you can make that one extra strong.
There are potential downsides to password managers, including the possibility of a data breach and the monthly or annual cost for a subscription. But the benefits tend to outweigh these downsides for people who want to secure their online accounts.
5. (Maybe) Write Down Your Password
If you don't want to use a password manager, try to come up with a secure way to store your passwords. An offline approach, such as a pen and notebook, may actually be safer than keeping them in a document on your device. But consider the situation.
Writing a password on a sticky note that's on your desk at work isn't very secure. Similarly, if you live with roommates or frequently have guests over, you might want to think twice about keeping passwords written down in an easily accessible area.
However, if you can confidently keep your passwords safe and offline, that could be a good option. You could also write down a reminder rather than the actual password to improve security.
Mistakes to Avoid When Creating a Password
Attackers can use brute force attacks to quickly guess different username and password combinations. And by quickly, we mean trillions of different combinations every minute. With that in mind, here are a few mistakes you'll want to be sure to avoid when you're creating passwords:
- Using common passwords and modifications: Password-cracking tools have dictionaries of common words, terms, names and passwords. "Secret" is the most common password in the U.S., followed by "123456" and "password." These tools can also automatically try variations, such as swapping @ for an "a." So, try to avoid using common passwords and alterations.
- Using personal information in the password: It may be best to avoid using personal information that someone could figure out online. For example, you might not want to use old addresses, birthdays or the name of a pet or family member in your password.
- Reusing passwords with multiple accounts: We explained why above, and here's another reminder. Don't use the same—or similar—passwords for multiple accounts.
- Leaving the default password: Some devices and accounts come with a default password, such as "admin" or "password." Make sure you change these passwords right away because the default options are often public knowledge or easy to guess.
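The self-audit below is an added example, not part of the original article. It checks a password against the mistakes in this list and looks for the shared element described in tip 3 across several accounts. The word lists are limited to the passwords this article names, and the account names, the second sample password and the character-swap table are constructed for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample lists; a real audit would load a far larger common-password list.
COMMON = {"secret", "123456", "password"}     # the three passwords named above
DEFAULTS = {"admin", "password"}              # the default passwords named above
SWAPS = str.maketrans("@4031$!", "aaoeisi")   # undo swaps such as @ for "a"

def variants(pw):
    """Forms a cracking dictionary also covers: lowercased, suffix-stripped, un-swapped."""
    low = pw.lower()
    core = low.rstrip("0123456789!@#$%?.*")
    return {low, core, low.translate(SWAPS), core.translate(SWAPS)}

def audit_password(pw, personal=()):
    """Return which of the listed mistakes this password makes."""
    forms = variants(pw)
    issues = []
    if forms & COMMON:
        issues.append("common password or modification")
    if forms & DEFAULTS:
        issues.append("default password")
    if any(tok.lower() in form for tok in personal for form in forms):
        issues.append("contains personal information")
    return issues

def shared_elements(passwords, min_len=4):
    """Map each pair of accounts to the longest substring their passwords share."""
    found = {}
    for (a, pa), (b, pb) in combinations(sorted(passwords.items()), 2):
        m = SequenceMatcher(None, pa, pb, autojunk=False).find_longest_match(
            0, len(pa), 0, len(pb))
        if m.size >= min_len:
            found[(a, b)] = pa[m.a:m.a + m.size]
    return found

if __name__ == "__main__":
    # Constructed sample: the article's pattern reused on a hypothetical bank account.
    accounts = {"experian": "Fluffy123#@!Experian", "bank": "Fluffy123#@!MyBank"}
    print(audit_password("P@ssw0rd1!"))
    print(audit_password("Fluffy123#@!Experian", personal=["Fluffy"]))
    print(shared_elements(accounts))
```

Run it only on your own device; passwords should never be pasted into a website or shared script to be checked.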
Other Ways to Protect Your Account Information
Even the best password can't protect you from every type of attack, but there are additional security measures you can put into place. Some of these could help keep your account secure even if someone figures out your username and password.
- Set up multifactor authentication. Once you turn on multifactor authentication (MFA), someone will need at least two types of authentication to log in to an account. The first is usually a username and password, and the second could be a code that you receive by text or a code from an authentication app. Even if an attacker knows your username and password, they won't be able to log in without the additional codes.
- Use a passkey instead of a password. Some websites and services now support passkeys, an alternative way to log in to an account without a password. You'll need to use a device or password manager to generate and store passkeys. Unlike passwords, you don't have to choose or remember anything. The other company also won't know your passkey, so it can't be exposed in a data breach.
- Keep devices and antivirus software updated. If someone installs malware on your device, they may be able to steal your login credentials and break into your accounts. Having a strong password won't help, which is why regularly updating your devices and apps—and scanning for malware—is important.
- Change your passwords regularly. You should change your password immediately if you find out that your account may have been compromised in a data breach. Additionally, you might want to regularly update your passwords in case the company is breached without realizing it.
You'll also want to be mindful of scammers and fraudsters who trick victims into giving them access to a device or installing malware.
Strong Passwords Are Just the Start
Using strong passwords is important, and you can use the tips above or a password manager to create and organize your passwords. However, a strong password should be the minimum you do to secure your accounts. Taking additional steps, like enabling MFA and updating devices, is also important.
You can also look for unusual activity that could indicate someone has stolen your identity or accessed your accounts. The free credit monitoring service from Experian has customized alerts that will tell you about new inquiries, accounts and changes to your personal information. Experian also offers paid premium memberships with additional features, such as financial account takeover alerts. Review the options to figure out which one might be best.
About the author
Louis DeNicola is a freelance personal finance and credit writer who works with Fortune 500 financial services firms, FinTech startups, and non-profits to teach people about money and credit. His clients include BlueVine, Discover, LendingTree, Money Management International, U.S. News and Wirecutter.