How to build — and remember — strong passwords

It’s difficult to do anything online without piling up a few passwords. Using the same one for multiple sites can leave your private information vulnerable to cyberattacks, and devising strong passwords full of random letters and symbols can make them impossible to remember. A good password doesn’t have to be unintelligible, but it does need to be random enough to avoid any clear patterns. Here are a few helpful tips for building passwords that will keep your online accounts secure without forcing you to hit the “Forgot my password” link every time you want to log in.

At least 12 characters

The longer your password, the more difficult it will be to crack. In general, you should create passwords with a minimum of 12 to 14 characters. But more is always better.

Change it up

Using a mix of different characters like numbers, symbols, capital and lowercase letters makes your passwords stronger.

Avoid full words

Using your favorite team’s name as a password doesn’t cut it anymore. In fact, you should avoid using any full words you might find in the dictionary. That goes for any common phrases, too.


One exception to the above rule is the Diceware method. By stringing truly random words together, you can build a secure passphrase that is easier to remember than a jumble of letters and numbers. To help with this process, search for the Diceware Password Generator. It can randomly select between two and eight words to build your passphrase.

Avoid obvious substitutions

“Password” doesn’t become stronger if you change it to “P@ssword.” Avoid substituting obvious symbols for letters. If it has occurred to you, it has probably occurred to a hacker.

Go to the manager

If you’re having trouble keeping track of all your logins, a password manager can help. Programs like Dashlane, LastPass and Keeper manage your passwords across numerous sites and devices, making it easier to avoid repeats. All you need to remember is one strong password, and you’re set.

Tired of passwords? Apple may have the answer

At its Worldwide Developers Conference earlier this year, Apple demonstrated a new “passkeys” feature that may spell the end for passwords. Rather than inputting a password for every site you visit, passkeys would use a biometric sign-in like the Touch ID or Face ID that currently exists on iPhones and iPads. Websites and apps on non-Apple devices would provide a QR code that sends authentication to the user’s phone or tablet. Just a month earlier, Apple joined with Google and Microsoft to support the development of new passwordless logins on both mobile and desktop devices. So, even if passkeys don’t crack the code, you may not need to juggle passwords for much longer.