Protect your passwords

Download Norton 360 Deluxe to help create, securely store, and manage your passwords. Get powerful online security.

Get it now

Protect your passwords

Install Norton 360 Deluxe to help create, securely store, and manage your passwords.

Get it now

How to create a secure password

A person creates new secure passwords after a data breach to protect their accounts.

People lose money to account takeovers every year—but you don’t have to. Instead of using simple passwords and reusing them across your accounts, create long and unique passwords to keep your accounts more secure. And get Norton 360 Deluxe with its built-in password manager to help keep your passwords safe and protect against hacking.

You might be tempted to make your passwords easier to remember or incorporate cues from your daily life, like birth dates, anniversaries, and pet names. Unfortunately, these tidbits of information make your passwords more predictable and leave them more susceptible to brute force attacks, credential stuffing, and dictionary attacks.

To better protect yourself from cybercrime and account takeovers, create secure passwords by leveraging randomization, length, originality, and passphrases.

5 tips to create secure passwords

When it comes to online security, creating long, strong, and unique passwords is your first line of defense. Here are five key tips to create strong passwords, fortify your accounts, and keep your personal information safer online:

Password mistakes to avoid

Make your passwords more secure by avoiding the following:

  • Numerical patterns like “1234”
  • Common words like “password” or “guest”
  • Repeated characters like “1111”
  • Keyboard patterns like “qazwsx” or “asdf”
  • First and last names
  • Pet and family member names
  • Nicknames
  • Important dates
  • Cities you’ve lived in
  • Schools you’ve attended
  • Reversed words like “drowssap”
  • Character substitutions like using “@” in place of “a”

1. Randomize your passwords

Random passwords are the ultimate shield against hackers. Since they lack patterns and personal information, it’s nearly impossible for hackers to guess them using dictionary attacks, numerical patterns like “123,” or birthday predictions. You should also avoid falling into the trap of using guessable words that are significant to your life, like nicknames, surnames, pets, cities, and schools you attended.

An example of a secure password that uses sufficient randomization and a weak password that doesn’t.

2. Make passwords long

Longer passwords are more secure because every additional character increases the number of possible combinations. That means that it’s harder for hackers to guess your password. It also makes the password-cracking process more time-intensive, which could deter brute force attacks. To maximize account security, make your passwords at least 15 characters long.

A comparison image showing a sample password that is too short and one that is long.

3. Avoid password recycling

Recycling the same password across accounts makes your passwords less secure. If an attacker compromises one password, all your accounts with the same password are at risk. To boost your password security, create a strong and unique password for every account. You can use a secure password generator to create them and a password manager to store them.

An example showing how you can use a password manager to protect and remember your unique and secure passwords.

4. Use symbols, cases, and spellings

Even if you develop a completely original password, it could still be easy to guess if you spell a word correctly, use predictable cases, and don’t use numbers or symbols. Up the ante by incorporating a mix of uppercase (A – Z) and lowercase letters (a – z), numbers (0 - 9), and symbols (#, $, %). Also, don’t substitute letters with symbols or numbers (like "p@ssw0rd") unless you’re creating a passphrase—most cybercriminals are well aware of this password trick.

An example of a poor password and a secure password that has unique elements like numbers and symbols.

5. Opt for long passphrases

Passphrases are strings of words that can help protect your accounts in the event of password attacks. They should use a complex and lengthy mix of characters, 5 to 7 words, and symbols. As a bonus, they are easier to remember since you can base them on movie quotes, rhymes, songs, etc., making them especially useful for securing your home computer lock screen.

Just don’t use personal information or choose a passphrase directly linked to something you’ve shared publicly. For example, if you’re a loud and proud Swiftie, don’t use one of Taylor Swift’s songs to inspire your passphrase.

An example of a strong password and a strong passphrase.

If you’re not sure whether your passphrases are strong enough, consider using a random password generator to come up with hard-to-crack ideas.

How to remember strong passwords

While strong passwords are vital, remembering them can be tough, especially when you’re supposed to have a long, strong, and unique iteration for each account. Consider using a password manager like Norton Password Manager or mnemonics to stay on top of your passwords.

Password managers

A password manager is a secure digital vault that stores all your passwords. You just need to remember one master password to access it. Then, you can securely and conveniently auto-fill your credentials when you visit a website’s login page.

Mnemonic devices

A mnemonic device is a memory trick that helps you recall information by associating it with something more memorable, such as a phrase or rhyme. You can use these to remember secure and complex passwords—just come up with a memorable phrase or acronym.

For example, you know you shouldn’t use your name in a password. But you can use your name as a mnemonic device for a passphrase. So, instead of making your password “AdamC” (your first name and surname initial), you could use the mnemonic device, “AstronautDrivesArmorMiracleCorduroy,” to remember each word of your passphrase. Of course, you also need to mix up the cases and add numbers and symbols.

Why is password security important?

If passwords aren’t strong and kept secure, cybercriminals could gain access to your accounts. That can lead to scams, financial repercussions, or even identity theft. And then there’s the added stress of recovering hacked accounts or a stolen identity.

  • Scams: If a cybercriminal can access your social media accounts or email with your password, they could scam your contacts or use your own information against you in a social engineering attack.
  • Financial loss: Whether it’s your bank account drained, blackmail, or transferring money from your payment app, the end goal for password thieves is typically financial.
  • Identity theft: If an identity thief has enough information about you, a password could be the final piece of the puzzle they need to achieve their objective. That could be anything from taking out a loan in your name to ordering a new credit card and intercepting it.

How are passwords stolen?

Cybercriminals steal passwords through a variety of methods using scams or hacking techniques.

  • Data breaches: If your password is exposed in a data breach, hackers can use it to access the associated account.
  • Password-guessing attacks: Dictionary attacks involve hackers trying common words and phrases at scale to guess passwords.
  • Malware: Some types of malware can steal your passwords or record your keystrokes as you type.
  • Phishing: A phishing attack can be designed to trick you into revealing your password. An attack via email or text could also urge you to click a link that takes you to an unsafe website where you enter your password and unknowingly expose it.
  • Social engineering: Phishing is a common type of social engineering attack but there are other examples, like a scareware attack that could lead to a hacker stealing your password.

How to keep your passwords safe

Password security requires a comprehensive approach. To keep your passwords safe:

  • Create long, complex passwords
  • Use unique passwords for every account
  • Use a reputable password manager
  • Enable two-factor authentication (2FA)
  • Change your passwords regularly
  • Subscribe to data breach alerts
  • Avoid clicking suspicious links
  • Don’t share your passwords with anyone
  • Use a reputable security app like Norton 360 Deluxe

Help keep hackers out of your accounts

Strong passwords alone aren’t a foolproof defense against all cyberattacks. However, a strong password coupled with a security tool like Norton 360 Deluxe can go a long way toward safeguarding your accounts and devices.

Norton 360 Deluxe includes a built-in Password Manager to help you create, store, and secure your passwords. Plus, it offers powerful protection against hackers, malware, and other online threats.

FAQs about password security

Still have questions about password security? Here’s what you need to know.

What is an example of a good vs. bad password?

An example of a good password is h_wlH49l*epew3ka$l@o; it’s good because it’s longer than 15 characters and uses a complex mix of letter cases, numbers, and symbols. Also, it doesn’t include any personal information.

An example of a bad password is adam1234 because it’s short, only uses lowercase letters, includes a name and predictable numerical pattern, and doesn’t have any symbols.

How long should my password be?

A strong password should be at least 15 characters long, with a combination of different character sets like letters, numbers, and symbols.

How do I know if my password is no longer secure?

If your password is short, simple, has been shared with others, used on multiple accounts, or has been compromised in a data breach, it is not secure. On top of creating long, strong, unique passwords, you should also change them regularly if you want strong password security.

What is the best password manager?

One of the best password managers is Norton Password Manager. It offers many benefits, including:

  • Spotting weaknesses in your logins
  • Helping you create complex passwords
  • Protecting login information in a secure online vault
  • Using biometrics to verify mobile logins
  • Syncing logins across devices
Ellie Farrier
  • Ellie Farrier
  • Cybersecurity writer
Ellie Farrier is a Prague-based cybersecurity writer interested in how technology and society overlap, especially the impacts of device security. Previously, she worked as a technical writer, diving into product troubleshooting, how-to guides, and tech usability.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.