123456, qwerty, password — still top the lists of the most popular passwords. We explain how to create a truly strong password without losing your mind trying to remember it.
Why a Weak Password Is a Problem
Modern hacking tools can guess billions of combinations per second. A 6-character password is cracked in seconds. An 8-character password with numbers takes hours. A 12+ character password with special symbols takes years to crack.
The Passphrase Method
The best way is to use a phrase of 4-5 random words:
CatDancesOnTheRoofInWinter → CatDancesOnTheRoof!2026
This password is long (25 characters), contains uppercase and lowercase letters, numbers, and special characters, yet is extremely easy to remember.
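Added example, not part of the original article: Python code that builds a passphrase by drawing words with a cryptographically secure random generator and estimates how long exhaustive guessing would take. The word list, the function names and the rate of 10**9 guesses per second are assumptions, and the estimate holds only when the words are picked at random.

```python
import math
import secrets

# Constructed 32-word sample so the block runs offline. It is far too small for
# real use: a practical list holds thousands of words (EFF's long list: 7776).
SAMPLE_WORDS = (
    "cat dance roof winter lamp river stone cloud apple train candle forest "
    "piano marble rocket garden window bridge pepper tiger anchor button "
    "coffee desert engine feather guitar harbor island jacket kettle lemon"
).split()

GUESSES_PER_SECOND = 1e9  # assumption: "billions per second" taken as 10**9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def make_passphrase(words, count=5, sep="-"):
    """Join `count` words drawn independently and uniformly with a CSPRNG."""
    if count < 1 or len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a list of 2+ unique words")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time, in years, to try every candidate at `rate` guesses/s."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    cases = [
        ("6 lowercase letters", 26, 6),
        ("8 lowercase letters and digits", 36, 8),
        ("12 printable ASCII characters", 94, 12),
        ("5 words from the 32-word sample", len(SAMPLE_WORDS), 5),
        ("5 words from a 7776-word list", 7776, 5),
    ]
    for label, choices, picks in cases:
        bits = entropy_bits(choices, picks)
        print(f"{label:34} {bits:5.1f} bits  {years_to_exhaust(bits):.2e} years")
```

With the 32-word sample a five-word phrase carries only 25 bits, so the size of the word list matters as much as the number of words.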
Password Managers
For most of your accounts, use a password manager. Recommended options:
- Bitwarden — free, open-source, cross-platform
- KeePassXC — local offline storage for maximum control
- 1Password — user-friendly UI with great family plans
Two-Factor Authentication (2FA)
Even an ideal password won’t protect you if the service’s database leaks. Enable 2FA wherever possible. It is better to use an authenticator app (like Google Authenticator or Aegis) than SMS.
What You Should Never Do
- Never use the same password across multiple sites
- Never send passwords in chats/messengers
- Never store passwords in unencrypted text notes
- Never use personal info (birthdays, names)
- Never trust “password checkers” on random websites