The Problem with "Strong" Passwords
Traditional advice said to create passwords like "P@ssw0rd!23" — mixing uppercase, lowercase, numbers, and symbols. The problem? These are hard for humans to remember but surprisingly easy for computers to crack. A modern GPU can test billions of password combinations per second.
What Actually Makes a Password Strong
Length beats complexity every time. A 4-word passphrase like "correct-horse-battery-staple" is far harder to crack than "P@55w0rd!" because it has more total characters and entropy. Here's the math: a 12-character complex password has about 72^12 combinations. A 25-character passphrase using lowercase words has 26^25 combinations — that's astronomically larger.
The Rules That Actually Matter
- Use a password manager. Tools like Bitwarden or 1Password generate and store unique passwords for every account. You only memorize one master password.
- Never reuse passwords. When one site gets breached (and they do — constantly), attackers try those credentials on every other site. One breach shouldn't compromise your entire digital life.
- Enable two-factor authentication (2FA). Even if someone steals your password, they can't log in without the second factor. Use an authenticator app over SMS when possible — SMS can be intercepted.
- Use passphrases for anything you must memorize. String together 4-5 random words. Add a number and symbol if required. "purple-mountain-tennis-42!" is both memorable and strong.
Red Flags to Watch For
- Any website that stores your password in plain text (you'll know if they email it back to you)
- Sites that limit password length to 16 characters or fewer
- Emails asking you to "verify your password" by clicking a link — that's phishing
How strong are your digital skills? Take our Digital Skills Quiz to test your knowledge of cybersecurity, internet safety, and tech literacy.