Password Security

Your first line of defense against hackers

Strong passwords are essential for protecting your online accounts. In this lesson, you will learn how to create passwords that are virtually impossible to crack and discover tools that make managing them effortless.

Creating Strong Passwords

A strong password is long, unique, and hard to guess. It should be at least 12 characters and mix letters, numbers, and symbols. The longer your password, the harder it is for attackers to crack it with brute-force methods.

Best Practices

  • Use a passphrase: Correct-Horse-Battery-Staple is better than P@ssw0rd
  • Make each password unique for every account
  • Use a password manager to remember them all
  • Avoid personal info, birthdays, or common words
  • Use 3-4 random words with spaces between them

Common Mistakes

  • Never reuse passwords across different sites
  • Never share your password with anyone, even family
  • Avoid patterns like "123456" or "qwerty"
  • Don't use your name, pet name, or birthdate

Password Examples

Strong Password:

purple-cloud-mountain-42

Weak Password:

password123

Strong Password:

Coffee-Tiger-2024-Galaxy!

Weak Password:

john1990
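
The rules above applied to the four example passwords, as an added Python example that is not part of the original lesson: `check` lists the rules a password breaks, `brute_force_bits` gives the length-and-character-set upper bound on guessing cost, and `generate_passphrase` builds a random-word passphrase. The deny-list, the 16-word list, the personal details passed for `john1990` and all function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed deny-list fragments, taken from the patterns the lesson warns about.
COMMON_PATTERNS = ("password", "p@ssw0rd", "123456", "qwerty")
# Constructed 16-word list, for illustration only; real generators use thousands of words.
WORDS = ["purple", "cloud", "mountain", "coffee", "tiger", "galaxy", "river", "candle",
         "orbit", "maple", "anchor", "velvet", "falcon", "harbor", "pebble", "lantern"]

def brute_force_bits(pw):
    """Upper bound on guessing cost: length * log2(size of the character pool used)."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in charset for c in pw):
            pool += len(charset)
    if any(c in string.punctuation or c == " " for c in pw):
        pool += len(string.punctuation) + 1
    return len(pw) * math.log2(pool) if pool else 0.0

def check(pw, personal=()):
    """Return the lesson's rules that pw breaks (an empty list means none were broken)."""
    low = pw.lower()
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if any(p in low for p in COMMON_PATTERNS):
        problems.append("contains a common password or pattern")
    if any(item and item.lower() in low for item in personal):
        problems.append("contains personal info")
    return problems

def passphrase_bits(n_words, list_size):
    """Entropy of n_words picked uniformly at random from a list of list_size words."""
    return n_words * math.log2(list_size)

def generate_passphrase(n_words=4, sep="-"):
    """Pick words with the OS CSPRNG (secrets), not the predictable random module."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))

if __name__ == "__main__":
    samples = [("purple-cloud-mountain-42", ()), ("password123", ()),
               ("Coffee-Tiger-2024-Galaxy!", ()), ("john1990", ("John", "1990"))]
    for pw, personal in samples:
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits upper bound, "
              f"problems={check(pw, personal)}")
    print(generate_passphrase(), f"({passphrase_bits(4, len(WORDS)):.0f} bits, toy list)")
```

`password123` scores about 57 bits on the character-set estimate yet is among the first guesses in a dictionary attack, so the pattern check matters more than the arithmetic for passwords a person chose.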

Password Managers

Password managers are like a secure digital vault for all your passwords. You only need to remember ONE master password, and the manager handles the rest. Popular options include Bitwarden (free and open source), 1Password, and Dashlane.

Why Use One

  • Use a trusted password manager (Bitwarden, 1Password, etc.)
  • Set a very strong master password (16+ characters)
  • Enable two-factor authentication (2FA) on the manager
  • Most password managers work across all your devices
  • They can generate strong random passwords for you

Avoid These Mistakes

  • Never store passwords in your browser (easier to steal)
  • Don't write passwords on sticky notes near your computer
  • Avoid browser-based password managers when possible
  • Be careful with free password managers (use well-known ones)

Frequently Asked Questions

What makes a password strong?
A strong password is at least 12 characters long, unique to each account, and hard to guess. The best approach is to use 3-4 random words separated by spaces or hyphens (like "purple-cloud-mountain-42") or a passphrase that's memorable but not based on personal information. Avoid common patterns like "123456", "password", or substitutions like "P@ssw0rd", which hackers already know.

Why should I use a password manager?
A password manager securely stores all your passwords in an encrypted vault. You only need to remember ONE master password. Password managers can generate strong, unique passwords for every site, automatically fill logins, and sync across devices. Popular options include Bitwarden (free), 1Password, and LastPass. Using one significantly reduces the risk of account breaches.

How do hackers crack passwords?
Hackers use several methods: brute-force attacks try millions of combinations, dictionary attacks try common words and variations, credential stuffing tries usernames/passwords from data breaches on other sites, and social engineering tricks people into revealing passwords. Long, unique passwords defeat most of these attacks because they take too long to crack.

Is it safe to write down passwords?
Writing passwords on paper stored securely at home is actually safer than reusing passwords or using weak ones you can remember. However, a password manager is more convenient and secure. Never store passwords in plain text files on your computer, in emails, or on sticky notes visible at your workspace.

How often should I change my passwords?
Current security guidance says you should change passwords when there's a reason to, not on a fixed schedule. Change a password immediately if: you learn of a data breach, you shared it with someone, you used it on an untrusted device, or it was weak. For strong, unique passwords managed in a password manager, there's no need to change them regularly.
