How to create a strong password

We’ve given the world Shakespeare, The Beatles, and telly. But ask us to set a password, and we couldn’t be more unimaginative.

According to the UK’s National Cyber Security Centre, 3.6 million Brits still use ‘password’ as their password. Other popular choices include ‘11111’, ‘12345’, ‘12345678’, and ‘blink182’ (we're not joking).

With 58% of Brits getting hacked in 2019, we clearly need to up our password game. But how do you set the strongest passwords possible? And what do you do to remember them?

Hackers get their hands on passwords using a variety of techniques. The most popular include:

Brute-force attacks

This is trial-and-error on steroids. The hacker deploys special software that keeps generating different username and password combinations until it guesses the right one.

Trojans

Trojans are viruses that look like legitimate software. You’re most likely to download a trojan if you use torrenting websites or click on suspicious links.

Keyloggers

A keylogger is a program that records every key you press. The hacker receives a log of your keystrokes, which they use to guess your login details

Phishing

In phishing, the hacker impersonates someone else to try and get you to reveal your password. Typically, you’ll receive an email that looks like it’s from your bank, your favourite online store, or someone else you trust. A link takes you to a login page where they can capture your details.

Learn more about how to spot phishing phone and email scams in our full guide.

These methods highlight why avoiding weak passwords is so important for online security.

Strong passwords make hackers’ jobs much harder, so it’s likely they’ll get discouraged and move on. Let’s say your password is ‘password’.

According to this calculator developed by the Gibson Research Corporation, it would take a brute force attack program all of 0.00217 seconds to guess it - less than the blink of an eye.

In comparison, it would take 1.41 hundred million centuries to guess a strong password. But what makes a strong password?

How to create a secure password?

A strong password:

• Is as long as possible. This is more important than the password being complex.
• Is random
• Doesn’t contain your name, birth date, anniversary, or other easily-identifiable information
• Is different from your other passwords. This protects you should hackers manage to guess it. 72% of online users reuse their passwords, so hackers will most likely try their luck on different accounts.

Here are three simple techniques you can use to create a strong password:

1. Use a password generator

Websites such as passwordgenerator.net and passwords-generator.org make this as easy as clicking a button. Choose length and what characters to include — lowercase letters, uppercase letters, numbers, and symbols — click generate, and that’s that. Many good password managers (more on these in a minute) also have password generators.

2. The Schneier Method

If you’d rather come up with your own passwords, this technique will help you make them as strong as possible:

• Pick a memorable sentence. This could be a lyric, quote, or something made up
• Shorten the words
• Mix uppercase and lowercase letters and switch some of the letters with numbers or special characters

So, for instance, “Ed Sheeran eating Nutella at Stonehenge” could become ‘3dSh3r’ne@tstnh’g’

3. Pick three random words

The UK’s National Cyber Security Centre recommends this technique: Pick three completely unrelated words and combine them. Then, mix uppercase letters, lowercase letters, numbers, and special characters to make your password more complex.

For example, ‘Curry’, ‘Daffodil’, and ‘Love Island’ could become ‘cuRRyD4ff0Di|L0v3I5lan|]’.

The words should be memorable to you. That said, be careful not to use words that may be easy to guess, for example words related to something you talk a lot about on social media. The National Cyber Security Centre says you should never use your:

• Significant other’s name
• Children’s, family members, or pets’ names
• Place of birth
• Favourite holiday or sports team

Here are some common pitfalls to avoid:

• Don’t use obvious patterns like "123456" or "password."
• Avoid personal details (e.g., birthdays, pet names).
• Never reuse passwords across multiple sites.

The average internet user has 27 accounts, which means 27 passwords to remember.

Luckily, you don’t have to commit them all to memory. There are password managers for that. These are apps that keep your passwords organised and securely stored.

There are two reasons to use a password manager. Firstly, they encrypt your passwords. Secondly, you only have to remember one password - meaning you can make your passwords complex and long without worrying about forgetting them.

In addition to our dark web protection service, ClearScore Protect, we suggest using a password manager like 1Password, a regularly featured service in lists of the best password managers around. They scored top marks in usability, security measures and privacy practices, according to Consumer Reports, making them a great choice if you’re unsure where to start your search.

With hacking on the rise, you may feel increasingly worried about your online security. And understandably so. That's why we created ClearScore Protect: a free identity protection service for all ClearScore users.

We scan the dark web for your passwords every three months to see if they have been stolen. If we find anything, we’ll let you know so you can change your password and protect yourself.