How To Create a Strong Password (With Examples of Good Passwords)

Learn how to create a strong password to help keep your information safe and secure.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

With increased dependence on the internet and online services, the rate of cybercrime continues to increase. But what can you do to help avoid being a victim of cybercrime?

Learning how to create a strong password is a good start. You should include at least 12 characters, a mix of uppercase and lowercase letters, and symbols, among other elements. 

We'll show you what good passwords look like and different strategies you can use to help keep your online information safe, including using the best password managers, multifactor authentication, and authenticator apps.

In this article
What do good passwords look like?
How to create a strong password
Good password ideas
Other ways to keep your online information safe
Bottom line

What do good passwords look like?

Creating a strong password is often the first step to learning how to stay safe online. Depending on the types of online services you use, a password could be the key to unlocking your bank account and credit card information or personal information such as your phone number or home address.

To help create a strong password, consider how different elements work together to offer more security. This could include making your password longer and using a mix of numbers and letters. These elements might not offer the best protection alone, but together they could help improve your password security:

Character count

Characters are the letters, digits, and symbols that make up a password. In general, the longer your password, or the greater the number of characters, the better. This is because it could make it more difficult for someone to guess your password or take longer for a program to decipher it. Keep in mind that certain websites might limit the number of characters you’re allowed to use, but using at least 12 characters is a good starting point.

A mix of uppercase and lowercase letters

Mixing in both uppercase and lowercase letters helps improve the complexity of your password. This means a person or a program now has to try more combinations of a password since they have to account for any letter potentially being uppercase or lowercase.


If you’re accustomed to only using letters in your passwords, it’s time to add some numbers as well. The main design behind a strong password is to make it as hard to crack as possible. If there are both numbers and letters involved, that’s one more factor of complexity. Additional layers of complexity could help thwart brute force attacks, or hacking attempts that try every combination of numbers, letters, and symbols available.


Similar to using numbers, adding symbols will help boost the complex nature of a password. Keep in mind that not every website allows all uses of symbols, though the website will typically tell you what symbols are available to use during the account creation process.

No personal information

Avoid using anything related to you, including the year you were born, your birth month, your phone number, your home address, your maiden name, your pet’s name, and more. People tend to use things they can easily remember for their passwords, but those things often overlap with what other people use. This helps to create a common reference point for people trying to crack your password. For example, there were over 3.5 million U.S. births in 1980, which is more than three million reasons not to use “1980” in a password.

No common words or phrases

Similar to avoiding personal information, it’s also important to avoid using common words or phrases that you might find in a dictionary. A frequent hacking strategy is to employ a dictionary attack to crack passwords, which systematically uses common words to guess a password.


An added layer of security could be using a certain level of randomness for a password. This could include shortening words in your password by a letter, replacing vowels in words, or creating your own formula. For example, use the first letter in each of the words of your favorite song, movie, or book title. “Harry Potter and the Sorcerer's Stone” would become “hpatss,” which you could then randomize and use as part of a password.

Your overarching goal with each element you use in the password creation process is to increase a password’s complexity. A complex password will typically help reduce the chances of your password being guessed or cracked by a hacker or hacking program.

Remember to have unique passwords for each of your online accounts and use these elements to avoid weak passwords.

How to create a strong password

If you do a quick online search about creating a strong password, you’ll end up with loads of different ideas and methods. But these ideas are typically connected in one way or another to a few primary strategies, including using a password generator, creating a passphrase, and thinking of a random sentence.

Here’s how they work to help improve your online security and identity protection.

Use a random password generator

If randomness is the name of the game, random password generators are at the forefront of password security. After all, it could be difficult for you to come up with a large string of characters that uses uppercase and lowercase letters, numbers, and special characters.

Enter Avast, a cybersecurity company with over 435 million active users that blocks more than 1.5 billion cyberattacks each month. Other than malware, VPN, and antivirus solutions, Avast also offers the Avast Random Password Generator, a customizable random password generator that’s free and easy to use.

Choose between 1 and 50 characters, as well as options for adding uppercase and lowercase letters, numbers, and special characters. Then generate your password, copy it, and use it.

Create a passphrase

While a random password generator typically includes all the elements you’d want in a strong password, it’s likely difficult to remember the passwords you generated. In this case, you might consider creating a passphrase instead.

Passphrases are often randomly chosen words that are put together to form your password. They might not include numbers or special characters. Since they’re actual words, they could be easier for you to remember. And they often contain plenty of characters to make them harder to crack.

Use a Passphrase is a popular random passphrase generator that’s free for anyone to use.

It offers options for four-word, five-word, and 12-word passphrases, including spaces. If you choose a four-word passphrase, you might end up with something like, “preppy exceeding stucco other.” According to the site, this passphrase would take 4,526,363,277 centuries to crack.

Think of a random sentence

This strategy, sometimes called the “Bruce Schneier method,’ takes a memorable sentence and turns it into a password. For example, “An apple a day keeps the doctor away” could become “aAADktDA” by only keeping the first letter from each word in the sentence and then randomizing the uppercase and lowercase letters.

But for further randomization, you’d also want to introduce numbers and special characters. Depending on how you think about it, you might end up with another iteration, such as “A@plADkpsTH3dA.”

Good password ideas

Using the Avast Random Password Generator and Use a Passphrase sites mentioned above, see how to come up with good password ideas.

Here are three password examples, including their password strength, using the Avast Random Password Generator:

  • Weak: Co@du1
  • Strong: 1s;YB}Xqfs
  • Very strong: ~p%O^{Y+apP=ehei

It’s important to note that these passwords were generated using almost all the same added filters, including adding uppercase letters, numbers, and special characters. The only difference between them is the password length, which ranges from 6 to 16 random characters.

According to Avast, the password length is a key element in determining how strong your password is — likely more than the other elements combined. This reinforces the point that the best password is typically long.

This is also likely why the Use a Passphrase website is still recommended as a viable resource for generating strong passwords. It doesn’t use any numbers or special characters, and it avoids switching between uppercase and lowercase letters. It does, however, use spaces between words and generates long passwords.

Here are a few examples of passwords generated from Use a Passphrase:

  • carded kilowatt theft blustery
  • recreate marlin unvaried serving travel
  • varsity diminish fraction drone sappy cable surcharge ideology monstrous fantasize bloating supreme

The sheer number of characters and the general randomness of the words contribute to a strong password. But since these are actual words and not a bunch of random gibberish, you might have an easier time remembering them.

The most commonly used passwords

Remember to completely avoid anything to do with passwords that are most commonly used and easily hacked. This includes using the exact password or any iteration of it.

According to extensive research by CyberNews, here are the 10 most common passwords in 2022:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. qwerty123
  7. 1q2w3e
  8. 12345678
  9. 111111
  10. 1234567890

Other ways to keep your online information safe

Learning how to create a strong password is helpful, but it’s not the only way to stay safe virtually. Here are a few additional ways to help keep your online information safe:

Use a password manager

A password manager typically offers ways to generate strong passwords and securely store your passwords. This way, you don’t have to try and remember a few dozen passwords at once or reuse old passwords. Here are some recommendations for password managers and services that include password managers to protect your personal information:

  • NordPass: NordPass comes from the trusted Nord name, so your login information and other details will be well-protected. Its end-to-end encryption is available on the free version and on the paid product, so it can suit any budget.  

    Get NordPass | Read Our NordPass Review

    Editorial Rating
    Learn More
    On NordPass's website
    Password Manager
    60% off + 3 months free
    • Strong encryption and security
    • User-friendly interface

  • Bitdefender: Along with offering reliable antivirus protection, Bitdefender also offers a password manager with its security suites. Its password manager provides password strength advice, autofill, and automatic password leak alerts.

    Get Bitdefender | Read Our Bitdefender Review

  • Aura: Aura is an identity theft protection service that also comes with a suite of cybersecurity features, including a password manager, to keep you safe online. Aura also uses AI to block spam calls and texts, monitors data breaches for your info, and includes a virtual private network (VPN).

    Get Aura | Read Our Aura Review

Keep in mind that a password manager is only as secure as the master password you use to access it.

Featured password managers

Best for Best overall password manager Simple password management High-end security
Starting price Starts at $1.19/mo (billed biannually) for the first two years Starts at $0.99/mo Starts at $2.92/mo (billed annually)
Compatibility Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Opera Windows, macOS, Linux, iOS, Android, Chromebook, Chrome, Firefox, Edge Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Edge, Safari, Brave, Opera
Learn more Get NordPass Get Roboform Get Keeper 

Set up multi-factor authentication

In most cases, if your password is cracked, your account will be breached. But with multi-factor authentication or two-factor authentication, you typically need to enter the correct password and then satisfy another requirement before accessing an account. This could include receiving a pin number or code to your phone or email.

Consider authenticator apps

This strategy uses multi-factor authentication but in a specific way. Rather than receiving a text message or an email with a code, you check your linked authenticator app. So the process of accessing a certain account would include entering your password and then getting a code from an authenticator app such as Google Authenticator or Microsoft Authenticator.

Opt for biometrics

Certain devices, including compatible iOS and Android devices, offer the use of biometrics for accessing different accounts. This could include using a fingerprint or facial recognition rather than entering a password. You typically still need to enter your login credentials when logging into your account for the first time, but further attempts could use your biometric information instead. Using unique biometrics could make it easier for you to access your accounts, but potentially throw off hackers.

Avoid suspicious links and communication

Phishing is a cybercrime associated with cybercriminals posing as legitimate people or institutions with the end goal of gaining access to your personal information. You might see common phishing attempts and scams associated with email spam, messages on social media, and more. It’s always in your best interest to avoid clicking on any suspicious links or giving information to anyone you don’t know. Consider anything that might look out of the ordinary to avoid falling for a phishing attempt. This could include looking closely at email addresses, names of people, how messages are worded, strange attachments, and more.



What 5 things make a strong password?

These five things help make a strong password:

  1. Making it different from any other password
  2. Using at least 12 characters, but more is better
  3. Using both uppercase and lowercase letters
  4. Using numbers and special characters
  5. Avoiding common words and personal information


How long should a password be?

A password should be as long as possible to provide additional security for your information. A general rule of thumb is to use at least 12 characters as a minimum, but 16 characters or longer would be even better. The characters within your password should typically include a mix of uppercase and lowercase letters, numbers, and special characters.


Are longer passwords harder to crack?

Longer passwords are typically harder to crack because there are more characters to guess. However, a long password alone is only one step to creating a strong password. In addition to having at least 12 characters, strong passwords typically include a mix of uppercase and lowercase letters, numbers, and special characters.


What is the most hacked password?

According to the U.K.’s National Cyber Security Centre, the most hacked passwords are:

  • 123456 (23.2 million users)
  • 123456789 (7.7 million users)
  • qwerty (3.8 million users)
  • password (3.6 million users)
  • 11111111 (3.1 million users)

Bottom line

Learning how to create a strong password could be the difference between keeping your information safe and private or being hacked. When creating a secure password, remember to use long character counts, avoid common words and phrases, and remove all personal information. Using both uppercase and lowercase letters, numbers, and special characters is also recommended.

Staying safe while using the internet and different online services involves multiple layers of security, including using strong passwords. But this is only one step toward staying secure online. You should also consider the best identity theft protection to protect your personal information and your peace of mind.

Editorial Rating
Learn More
On Aura Identity Theft's website
Identity Protection
Aura Identity Theft
Up to 68% off Family Annual Plans
  • Excellent identity theft protection service
  • Includes a password manager and VPN
  • Robust tools for children’s security

Author Details
Ben Walker is a security, travel, and credit card writer with a passion for all things internet and technology, whether it's using VPNs while away from home or organizing his life with password managers.