How do I create a strong password?

Feeling overwhelmed by all the password rules out there? You are not alone. We can set up a proper password system on your devices during a visit and leave you with something you can actually remember. Give us a call.

Length beats complexity

For years, websites taught people to use passwords like "Tr0ub4dor&3". They are hard to remember, hard to type, and (surprisingly) not actually that strong. Computers that try to guess passwords do not think the way a human does. They try billions of combinations a second, so length matters far more than how clever the substitutions look.

The modern advice, backed by security experts, is to use a passphrase: several random words strung together. A passphrase like "river candle tiger pencil" is easier to remember and takes far longer for a computer to crack than a short "clever" password. Make sure the words are genuinely random, not a famous phrase, song lyric, or Bible verse.

Strong versus weak: side by side

Here are examples of passwords that look strong but are not, next to passwords that actually are. Do not use any of these as your real password, obviously. They are only to show the difference.

• Do this: long passphrase

  Four random, unrelated words stuck together. For example, something in the spirit of "copper violin bakery thunder". Easy to picture, easy to remember, and long enough to be strong. You can add a number or two if a website demands it, but you do not need to.

• Not this: short with symbols

  Passwords like "Welcome1!" or "Summer2026$" look like they tick all the rules boxes but are actually among the first things a password cracker will try. Length matters. Substitutions like 0 for O or @ for a do not help.

• Do this: unique for each account

  Different important accounts get different passphrases. Email, banking, and your main shopping site each get their own. A password manager makes this easy: you only need to remember one master passphrase and it handles the rest. Our guide on password managers covers the options.

• Not this: personal information

  Pet names, birthdays, kids' names, street names and anniversaries are all things a scammer can find on social media in ten minutes. Never build a password around them, even if you swap a letter for a number. Use random words instead.

Why reusing passwords is the real risk

The single most common way people get hacked is not because someone guessed their password. It is because a website they signed up on years ago got breached, and the scammers then tried the same email and password at dozens of other websites. If you use the same password everywhere, one breach means everything falls at once.

You do not have to make every single account unique. Focus on the important ones first: your email (because it is used to reset every other account), your bank, and anything with saved payment details. Those three should each have their own strong passphrase. Anything lower stakes can share, though it is better if they do not.

Two-factor authentication is the real game changer

Even a strong password is not perfect on its own. Two-factor authentication (sometimes called 2FA) adds a second check, usually a code sent to your phone, so that even if someone learns your password they still cannot get in. Turning this on for your email and bank is the single best thing you can do to stay safe online. We cover it in its own guide.

When to call us instead

Call us if you are not sure how to change your passwords on your accounts, if you want a password manager installed properly on your phone and computer, or if you would rather someone just set all of this up for you in one calm visit. We handle this as part of our online safety tuneup and it is one of the most useful visits we do.