Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn More
A secure password is crucial in today’s online world. With security breaches and ransomware attacks threatening businesses around the world, it’s important to make sure all the information we share is secured. The best way we can do this is by using strong passwords.
The recommendations surrounding what makes a strong password have changed, however. And so have the methods used to crack them.
We examine some of the best – and worst – ways to create passwords, and explain how you can make strong passwords that won’t be cracked.
Password Examples – Good and Bad
If you and your team are creating your own passwords, then the following examples will hopefully highlight what to avoid, while providing inspiration to create something secure.
It’s important to be honest with yourself, here. We all slip into bad habits when it comes to online security. But, using variations of any of the bad passwords listed below is a recipe for danger, and could put your business in danger.
Don’t wait until something goes wrong. Update your passwords to stronger ones now, while your accounts are secure, and you won’t regret it.
Good Passwords
- Don’tStopBelieving – Using song lyrics in a passphrase can be a very easy way of remembering a secure password. This will be very difficult for a computer to brute force attack successfully. But be wary of lyrics from music that you may have listed as your favorite on social media.
- BatmanIsTheGreatestHeroOfAllTime – Using a memorable phrase can be an effective way of creating a password. Again, don’t pick one that people may be able to guess.
- DogComputerScreenSpeakerTV – A list of words is another very strong method. This example would take 327 septillion years to crack by brute force.
- D0gComput3r$creenSpe&kerTV – This may be slightly more difficult to remember, but replacing some letters with symbols and numbers significantly boosts the security of the password.
Bad Passwords
- Password – This is an obvious one, but it’s still one of the most common passwords used today!
- 12345678 – Number sequences with an order or pattern to them will be cracked almost instantly by any rapid sequence attack.
- Banking01 – Don’t use descriptive passwords that are relevant to the application being used. Using patterns like this would compromise the security of all accounts if one password was figured out.
- 01/01/2000 – Avoid using dates, especially if the date has some personal significance (eg. birthdays, anniversaries, etc.) as this will be easier information for an attacker to find.
- Q!koP9$f – While this provides protection from dictionary attacks, it will only take about 9 hours for a brute force attack to crack this kind of password.
- maga2023! – Looking at you, Donald. A password that can be guessed in just five goes isn’t good enough (and the same goes for yourefired)
How Are Passwords Cracked?
It’s not unusual for regular, everyday people to have their passwords guessed by someone. It could be a suspicious spouse, nosey roommate, or even a child guessing the password to unlock blocked content. More seriously still, this is a very real threat at a corporate espionage level.
But, there’s more to cracking a password than guesswork based on your maiden name, first pet, or alma mater year.
Unlike a “dictionary attack,” where the attacker runs a rapid series of common passwords, a “brute force” attack runs all possible combinations of characters. The rising popularity of brute force attacks has led to a shift in the importance of password strength factors. This changes everything from the recommended complexity to the length of your password.
Password strength tests can be found online, and are a useful tool in securely checking the strength of your existing passwords. Here are some of the world’s most popular passwords and how long it takes to hack them:
The Best Ways to Create Secure Passwords
There’s some debate over how best to go about creating a secure password. The key is creating something that’s easy to enter, and hard to guess.
That’s more difficult than it sounds. After all, the easiest passwords to remember are also the ones that a hacker could crack more easily. Your surname? Date of birth? The word ‘passwd’? No, no and no.
However, going to the other extreme is little help, either. If you were to create long strings of unrelated letters, symbols and numbers – unique for every account you log into – this would be a nightmare for you to remember.
Generally speaking, there are three alternative solutions for creating strong passwords:
- Use a Password Manager – Far and away the best solution, these simple programs create strong passwords for you and your team, then automatically enter them into your online accounts when you log in. You never have to remember the passwords yourself.
- Create Long Passphrases – These are strings of words put together. For example, a favorite song lyric. They can be easy to remember, but the challenge is coming up with a new one for every account.
- Combine Letters, Symbols and Numbers – this can help you create truly un-guessable passwords. The downside? They can be a lot more challenging for you to remember.
Let’s look at each of these in a bit more detail:
1. Password Managers
These work by generating and storing long strings of letters, numbers, and symbols for each account that you log into. Password managers can automatically paste the correct password into the entry box when needed. This way, they remove the need for you to memorize lots of different passwords. Instead, you only need to remember one master password that will unlock the manager itself.
For businesses, password managers provide some serious peace of mind. You’ll be sure that your entire team remains secure, no matter where they sign in from, so you don’t have to worry about a brute force attack leading to a costly security breach.
Remember: When using a password manager for important services, you should always check that the service provider supports the use of password managers.
See our breakdown of the Best Password Managers available to help decide which one would be best for you.
Local Storage Option | Two-Factor Authentication | Failsafe Function | Password Generator Function A password manager can create secure, complex passwords for you. You won't need to remember them yourself. | Help Instructions | Email Support | Live Chat Support | Phone Support | Price Overall cost per year for a single user. | Business Plan? | Business Price Cheapest available business plan | Click to Try | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Tech.co's Top Pick | |||||||||||||
NordPass | 1Password | LastPass | Dashlane | Sticky Password | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| $36 | $36 | $60 | $30 | |||||||||
| | | | | |||||||||
$19.95/10 users | $3/user/month | $60/user | $29.99/user | ||||||||||
Try NordPass | Try 1Password | Try LastPass | Try Dashlane | Sticky Password |
Password Manager Pros
- The generated passwords are very secure, due to complexity and length. This generation is immediate and the new passwords can be automatically pasted into the relevant area.
- Password managers remove the need for you to remember all your different passwords.
- The login information stored in most password managers will be encrypted. In the event of a data breach, it would be very difficult for the thief to gain access to specific login details of any user.
Password Manager Cons
- Consolidating passwords behind one master password creates a single point of failure. If your master password for the manager is breached, all of the passwords contained within are vulnerable.
- While there are free password managers, these rarely let you run the password manager on multiple devices (say, your phone and your laptop)
Tempted to try a password manager? It could be one of the smartest moves you could make towards proper online security.
One of our favorites is LastPass, a fantastic all-round password manager that’s easy to use, and can create strong online passwords for you.
Check out our full LastPass review for more detail, or see the deal below:
Pros
- Free tier available
- Makes it super easy to securely log into your accounts from a web browser
- Detects when you’re using the same password on multiple sites.
- Available on all major browsers, iOS and Android
Cons
- Connection issues, though rare, can make password changes maddening.
- Password changing feature is very manual the first time round.
2. Creating Long Passphrases
Passphrases are long strings formed from several words packed together.
These passwords can be easy to create and also to remember, especially if the chosen words have some meaning to you.
That said, choosing words with obvious personal meaning, such as family names, may expose risks from targeted hacking.
As attacks are now more focused on trying as many different character combinations as possible, a good method of defense is making the number of possible combinations as large as possible.
Every character added into a password increases the number of possible combinations exponentially, making the use of passphrases an easy way of increasing your protection.
Long Passphrase Pros
- Provides a good level of security, due to the length drastically increasing the number of possible character combinations.
- Easy to remember, especially if the word string has some slightly personal meaning to you.
- Easier to type out each time, as special characters add very little to the security of the passphrase.
Long Passphrase Cons
- If you create a different passphrase for every site you log into, it can be a huge challenge to remember them all.
- Passphrases can potentially be vulnerable to dictionary attacks if all of the words they’re formed from are regular words found in a dictionary.
3. Letters/Symbols/Numbers
While using a combination of letters symbols and numbers can add security, especially against a dictionary attack, this is offset by the added difficulty in remembering the password.
As a result, it may be tempting to create a shorter password when using this method. This would be risky, due to increased risk from brute-forcing, a popular method used to crack passwords.
Instead, it’s better to rely on combinations of Letters, Symbols and Numbers when creating a password. This method can improve the security of a passphrase, adding symbols or numbers into the word string will provide additional protection against dictionary attacks.
Letters/Symbols/Numbers Pros
- Passwords using a seemingly random combination of letters, symbols, and numbers are very difficult to guess without highly specialized cracking tools.
- Incorporating this method with a passphrase, as described above, can provide increased security.
Letters/Symbols/Numbers Cons
- Using a combination of letters, symbols, and numbers will result in a password that’s more difficult for you to remember. This is made worse if you need to remember different passwords for different accounts (as is recommended).
- Mistakes are much more likely to be made when typing in a password that uses these combinations, and it’s a pain to do on a phone keyboard.
- This method of password creation is no longer as strongly recommended by experts, as increasing the complexity of a password is not as effective as increasing the length.
The Importance of Secure Passwords for Businesses
If you haven’t noticed the substantial increase in security breaches across the business world, you must have your eyes closed. Companies around the world are padding their security measures, as hackers continue to innovate new and nefarious ways to access business data.
In fact, studies show that 81% of security breaches are caused by poor password security, which means that your business could be at risk if you don’t make an effort to keep your team secure.
In earnest, the only way to really ensure that your whole team is taking password strength seriously is with a password manager. They have business-facing plans that give you a bit more control, so you can really see how secure your business is from day to day. Many, such as 1Password, will even create passwords for you. Our favorite is LastPass, which you can get started with right now!
If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps Tech.co to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on Tech.co cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored’ table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page