Keeping our information safe online is more important than ever. One of the best ways to protect ourselves is by creating strong, secure passwords. But many people still underestimate the power of a robust password, often using weak ones or reusing the same password across multiple accounts. In fact, a 2021 Verizon study found that 81% of data breaches worldwide are linked to password issues.
With these threats in mind, it’s worth knowing how to create and manage strong passwords to keep your accounts and data safe. Here are some practical tips for creating secure passwords and managing them easily.
A secure password is your first line of defense against cyberattacks. To be effective, it should be at least 12 characters long, using a mix of lowercase and uppercase letters, numbers, and special characters to make it harder to crack.
Avoid using personal information like your name, birthdate, or common words that could be easily guessed, as well as obvious number sequences like "123456." Ideally, you should have a unique password for each account to protect the rest of your accounts if one gets compromised.
Be mindful of how you store your passwords, too. Post-it notes, text files, or your smartphone aren’t secure options. And try to avoid saving passwords in a browser on a shared computer to prevent unauthorized access.
Simple passwords are especially vulnerable to brute-force attacks and phishing. Brute-force attacks involve testing all possible combinations to guess a password, which is quick and easy to do with short or basic passwords. Phishing, where cybercriminals pose as trusted entities to trick users, becomes even more dangerous if the password is simple or reused across multiple accounts.
The most common—and therefore most vulnerable—passwords are those that are simple and easy to guess. According to data published by the password manager NordPass in its report on common passwords, here’s a list of the worst passwords used:
At the top of the list is the most frequently used password, "123456." This is followed by: "password," "123456789," "azerty," "admin," "1234561," "azertyuiop," "000000," and "password."
These passwords are some of the most common and riskiest because they are often the first ones attackers try during hacking attempts. In fact, common passwords like these usually take less than a second to crack.
For a secure password, try using an online password generator, like those from LastPass or Dashlane, which create strong, random combinations for you. These tools make sure your passwords are complex enough to stand up to hacking attempts.
If you'd rather make your own password, the UK’s National Cyber Security Centre (NCSC) suggests a simple approach: start with a memorable phrase. Pick something easy to remember, then create your password using the first letters of each word, adding in numbers or symbols to make it even stronger.
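The criteria described above (at least 12 characters, all four character classes, nothing from the common-password list, no personal details), as an added Python example that is not code from NordPass, LastPass, Dashlane or any other tool this article names. It both checks a hand-made password and generates a random one; the function names, the 16-character default and the sample inputs are assumptions made for illustration.

```python
import secrets
import string

# Criteria taken from the article: at least 12 characters, all four character classes.
MIN_LENGTH = 12
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
CLASS_NAMES = ("lowercase letter", "uppercase letter", "digit", "special character")

# Common passwords quoted in the article (NordPass list).
COMMON = {"123456", "password", "123456789", "azerty", "admin", "1234561", "azertyuiop", "000000"}


def check_password(candidate, personal_info=()):
    """Return the list of the article's rules that the candidate breaks (empty = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in zip(CLASS_NAMES, CLASSES):
        if not any(c in chars for c in candidate):
            problems.append("no " + name)
    lowered = candidate.lower()
    if lowered in COMMON:
        problems.append("on the common-password list")
    # personal_info is a hypothetical parameter: name, birth year, etc. supplied by the caller.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG and retry until every rule is met."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = "".join(CLASSES)
    while True:
        # secrets (not random) is the standard-library module meant for secrets like passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(check_password("azertyuiop"))
    # Constructed sample: meets length and character rules but embeds a name and birth year.
    print(check_password("Alice1990!summer", personal_info=["alice", "1990"]))
    print(generate_password())
```

Retrying the whole draw, rather than patching in a missing character class afterwards, keeps every conforming password equally likely.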
Password managers like 1Password are invaluable for keeping your login details safe. They store your passwords in a secure digital vault, generate complex, unique passwords, and keep everything synced across your devices.
For extra security, enable two-factor authentication (2FA) whenever possible. This extra step makes it much harder for attackers to access your accounts.
Reusing the same password for multiple accounts is risky: if one account is compromised, all of them could be. It’s also key to keep an eye on any security alerts and act quickly to prevent unauthorized access. Finally, avoid storing passwords in insecure places, like sticky notes or unencrypted files. Use secure tools instead to keep everything safe.