Skip links

The Strongest Passwords and the Best Way to Create (and Remember) Them

Some of the strongest passwords you can use are the ones you don’t have to remember. 

Strange as that may sound, it’s true, if you use a password manager. A password manager creates and securely stores strong, unique passwords for each of your accounts—and does all the remembering for you. 

And remembering is the root of the problem when it comes to insecure passwords. 

Consider how many passwords you have across all your accounts. Then consider the old passwords for accounts and online forums you no longer use, along with all the times you created a password for an online store that you only shopped at once or twice. All those passwords, it’s too much to keep track of, let alone manage. And that leads to insecure passwords. Simple passwords. Or passwords that get used again and again across several accounts. 

Hackers count on that. They love it when people use simple passwords, reuse passwords, grab passwords out of the dictionary, or base their passwords on their pet names that a hacker can easily glean from a victim’s social media posts. They also love “brute force” tools that help them break into accounts by quickly feeding account logins with thousands of potential passwords in minutes.  

So when you make your life easier with simple or reused passwords, you make life easier for hackers too. 

That’s where a password manager comes in. It makes life easy for you to stay secure while still making it tough on hackers—particularly tough with strong, unique passwords for each of your accounts that can you update on a regular basis, which offers some of the strongest protection you have against hackers hijacking your accounts. 

The difference between a good and bad password  

First up, let’s look at password practices in general while keeping a few things in mind. Hackers will look for the quickest payday. In some cases they’ll work with a long list of accounts that they’re trying to break into. If a password on that list proves difficult to crack they’ll move on to the next in the hope that it’ll have a poor password that they can easily crack. It’s a sort of hacker economics. There’s often little incentive for them to spend extra time on a strong password when there are plenty of weak ones in the mix. 

So what do poor passwords look like? Here are a few examples: 

  • Obvious passwords: Password-cracking programs start by entering a list of common (and arguably lazy) passwords. These may include the simple “password” or “1234567”. Others include common keyboard paths like “qwerty.” Even longer keyboard paths like “qwertyuiop” are well known to hackers and their tools as well. 
  • Repeated passwords: You may think you have such an unbreakable password that you want to use it for all your accounts. However, this means that if hackers compromise one of your accounts, all your other accounts are vulnerable. This is a favorite tactic of hackers. They’ll target less secure accounts and services and then attempt to re-use those credentials on more secure services like online bank and credit card companies.  
  • Personal information passwords: Passwords that include your birthday, dog’s name, or nickname leave you open to attack. While they’re easy for you to remember, they’re also easy for a hacker to discover—such as with a quick trip to your social media profile, particularly if it is not set to private. 

On the flip side, here’s what a strong password looks like: 

  • Long: Without getting into the math of it, a longer password is potentially a stronger password. When you select from the entire available keyboard of numbers, letters, and symbols, a password that is 12 characters long is far, far more difficult to crack than one with only five or even seven characters. And while no password is entirely uncrackable, taking that number up to 16 characters pushes your password into a highly secure category provided it doesn’t rely on common words or phrases. 
  • Complex: To increase the security of your password, it should have a combination of uppercase letters, lowercase letters, symbols, and numbers. Hacking algorithms look for word and number patterns. By mixing the types of characters, you will break the pattern and keep your accounts safe. 
  • Unique:  Every one of your accounts should have its own password. This is particularly true for sensitive accounts such as your financial institutions, social media accounts, and any work-related accounts. 
  • Updated: While you may have an undeniably strong password in place, it’s no longer secure if it gets stolen, such as in a data breach. In this case, updating your passwords every several months provides extra protection. This way, if a hacker steals one of your passwords in a breach, it may be out of date by the time they try to use it because you updated it. 
  • Backed by Multi-Factor Authentication (MFA): MFA offers another layer of protection by adding another factor into the login process, such as something you own like your phone. MFA has become a staple in many login processes for banks, payment apps, and even video game accounts when they send you a text or make a call to your phone with a security code that’s needed to complete the login process. So while a hacker may have your password, they’d still be locked out of your account because they don’t that security code because it’s on your phone.  

Creating strong passwords on your own 

Long, complex, unique, and updated, all described as above—how do you manage all that without creating a string of gobbledygook that you’ll never remember? You can do so with a passphrase. A phrase will give you those 12 or more characters mentioned above, and with a couple extra steps, can turn into something quite unique and complex. Here’s a three-step example: 

  1. Pick a phrase that is memorable for you: It should not be a phrase you commonly use on social media accounts. If you are an avid runner, you might choose a phrase like, “Running 26.2 Rocks!” 
  2. Replace letters with numbers and symbols: Remove the spaces. Then, you can put symbols and numbers in the place of some ofthe letters. Runn1ng26.2R0ck$! 
  3. Include a mix of letter cases: Finally, you want both lower and uppercase letters that are not in a clear pattern. Algorithms know how to look for common capitalization patterns like camelCase or PascalCase. Runn1NG26.2R0cK$! 

Now you have a password that you can remember with a little practice, one that still challenges the tools that hackers use for cracking passwords. 

Creating strong passwords with a password manager 

When you consider the number of accounts you need to protect, creating strong, unique passwords for each of your accounts can get time consuming. Further, updating them regularly can get more time consuming still. That’s where a password manager comes in 

A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They will not be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager. 

A strong password manager also stores your passwords securely. Ours protects your passwords by scrambling them with AES-256, one of the strongest encryption algorithms available. Only you can decrypt and access your information with the factors you choose. Additionally, our password manager uses MFA—you’ll be verified by at least two factors before being signed in. 

Protecting your passwords 

Whether it’s the passwords you’ve created or the master password for your password manager, consider making an offline list of them. This will protect access to your accounts if you ever forget them. Be sure to store this list in a safe, offline place—recognizing that you want to protect it from physical theft. A locking file cabinet is one option and a small fireproof safe yet more secure. 

A password manager is just part of your password security solution. For example, you’ll also want to use comprehensive online protection software to prevent you from following links in phishing attacks designed to steal your account login information. The same goes for malicious links that can pop up in search. Online protection software can steer you clear of those too. 

In some cases, bad actors out there will simply shop on the dark web for username and password combos that were stolen from data breaches. An identity monitoring service such as our own can alert you if your information ends up there. It can monitor the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. Ours provides early alerts and guidance for the next steps to take  if your data is found on the dark web, an average of 10 months ahead of similar services.​ 

The best password manager makes your time online more secure—and simpler too. 

A password manager takes the pain out of passwords. It creates strong, unique passwords for every account you have. That includes banking, social media, credit cards, online shopping, financial services, or what have you. The entire lot of it.  

And remember, remembering is the thing with passwords. Hackers hope you’ll get lazy with your passwords by creating simple ones, reusing others, or some combination of the two because that makes it easier to remember them. That’s the beauty of a password manager. It does the remembering for you, so you simply go on your way as you go online. Safely. 

Introducing McAfee+

Identity theft protection and privacy for your digital life