How to create a strong password
Find out the key to a good password so you can keep all of your accounts and information secure
Written by spunout
Fact checked by experts and reviewed by young people.
Many of us rely on our online accounts to get through the day. We use social media to connect with others, pay for things online using cards and online bank accounts, and save important files, whether for school, college or work, or our own personal documents, on storage sites like Dropbox or Google Drive.
With so much important information stored online, having a strong password is essential to make sure your accounts are safe and difficult to get into. If your password is not strong enough, it increases the risk that someone could guess it and gain access to your accounts.
What makes a good password?
A good password is simply one that only you know and can’t be reasonably guessed by another person or a computer. Some of the most common passwords include ‘123456’ and ‘password’. These are very easy for hackers or computer software to guess. Many sites will not allow passwords this simple, but keep in mind the easier you make it for yourself, the easier you make it for the hacker. If you’re worried you won’t remember a complex password, consider using a password manager.
Computer programs trying to hack your account often start with the most common passwords, followed by trying words from a dictionary with common alterations like numbers. Making your password more complex will make it more secure.
Here are some things that make a complex password:
- It is 8 characters or longer
- Has uppercase and lowercase letters
- Has at least one number
- Has at least one symbol
- Does not contain names of people or places, or contain direct words from a dictionary
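The checklist above can be turned into a small checker. This is an added example, not code from spunout or LastPass; the word lists are tiny constructed samples and the function names are made up for illustration. It also undoes the "common alterations" mentioned earlier, which shows why a password can meet every character rule and still be easy to guess.

```python
import re

# Constructed sample lists for illustration; real guessing tools use lists
# with millions of entries, so treat these as stand-ins.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
DICTIONARY_WORDS = {"dragon", "summer", "dublin", "football"}

# Character swaps that guessing tools try automatically.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def undo_alterations(password):
    """Strip trailing digits/symbols, lowercase, and reverse common swaps."""
    core = re.sub(r"[^A-Za-z]+$", "", password)
    return core.lower().translate(SWAPS)


def check_password(password):
    """Return the list of rules from the checklist that the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    if not (has_upper and has_lower):
        problems.append("needs uppercase and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(not c.isalnum() for c in password):
        problems.append("needs a symbol")
    # Guessability is judged on the password with its alterations removed.
    core = undo_alterations(password)
    if password.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("is a common password")
    elif any(word in core for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word or place name")
    return problems


if __name__ == "__main__":
    for sample in ["123456", "P@ssw0rd1!", "Dublin2024!", "tV9#qLm2$xRb"]:
        print(sample, "->", check_password(sample) or "passes every check")
```

`P@ssw0rd1!` has the right length and every character type, yet it is still flagged because it is just ‘password’ with predictable swaps.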
How secure is my password?
If you want to check the strength of your password, use the password checker below. This checker comes from LastPass, a secure password management tool.
Creating and storing strong passwords
In order to make sure your strong passwords work, it’s important that you know where to store them, especially if you’re using different passwords for different sites that are hard to remember.
The best thing to do when creating a password is to use a password generator, and then store the password in a reliable, secure password manager.
Using a password generator
A password generator is a tool that comes up with a password for you using random letters, numbers, and characters. Using a password generator helps you to ensure that your password is complex enough that it can’t be guessed by anyone.
Storing passwords in a password manager
Password managers are a great way to make sure you can create complex passwords without the risk of forgetting what they are. Your password manager will have a ‘master password’ which will allow you to access all of your other passwords, so this is the only one you need to remember. Make sure it’s complex enough that it won’t be easy to guess, because anyone who guesses it can access all of your other account information.
Some password managers you can try include LastPass and Dashlane which both have free versions and can be used on your computer (you will need to pay to sync with mobile devices), or Myki which allows you to manage passwords on your phone and is free to use.
How do accounts get hacked?
There are many ways an account can be hacked, and depending on the type of account the person has gotten access to, it can be very distressing. Here are some of the ways a password can be hacked, and how to avoid it.
Leaving an account open or signed in
Sometimes leaving your account signed-in on a computer that is shared with others can be the same as simply telling someone your password. All they need to do is use the computer or device after you. This can also be the case when you don’t lock your devices such as phones, tablets and laptops.
Only ever click “remember me” when signing onto your own computer or device. Never have a browser or device remember your account when you don’t control it. For devices that are yours, always make sure you have a password or PIN lock on it, and put the device to sleep or log out when you’re done.
Learn more about device security to avoid letting others access your accounts.
The password was not strong enough
Simple passwords can be guessed very easily with a ‘brute force attack’, which tries possible passwords one after another until it finds the right one. Simple passwords made of dictionary words and numbers are the most vulnerable to this attack.
To avoid this, pick a good, complex password that is not easily guessable. A good password (as outlined above) has more than 8 characters, has upper and lower case letters, has numbers and also contains symbols. You should avoid simple dictionary words, patterns of keys on a keyboard and names which are significant to you that people might know about (such as locations or names of family members).
Account recovery hack
Account recovery tools are often useful when you have forgotten your username or password and need to reset your account. Usually, you will need to answer a secret question only you know the answer to, or a link is emailed to you that will allow you to reset the password.
The problem is if someone also has access to your email, or if the answers to your security questions can be easily guessed, then the person may be able to change the password.
To avoid this, pick a question that only you know the answer to. If the site allows you to write your own question, all the better. Pick something secret and personal so that other people can’t accurately guess the answer.
There was a data breach
Sometimes the company you have an account with can get hacked, which not only affects the company itself, but its users too. This especially becomes an issue if you use the same password for all of your accounts. This will make it easy for people who have accessed your password to get into all of your other accounts as well.
While you can’t stop the company you have an account with from being hacked, you can take precautions to minimise the damage. Make sure you don’t use the same password everywhere. This will mean you won’t lose all your other accounts.
It also helps to set up two-step verification, which will send you a text or notification to confirm that you are the person signing in before the website will allow you into the account. This way no one will be able to access the account without you verifying it first.