Skip to main content

How to create a strong password

Creating a strong password can seem like an afterthought when you sign up for new accounts online. But with the reality of identity fraud and security breaches, taking the time to generate a strong password is more important than ever.

These five tips on how to make a strong password can help get you started down the right path to protecting your accounts and keeping your information safe.


Go for length and complexity

When creating a strong password, length matters. Try to make sure it's at least eight to 10 characters. Complexity also helps. For instance, a six-letter, lowercase password could take five minutes to break; one with nine letters could take two months. A six-character password that alternates numbers and symbols could take less than nine days to break, but one with nine characters could take a cybercriminal nearly 20,000 years to figure out.


Be unique

Every year security services provider SplashData1 releases the most common (and therefore the worst) passwords in use. And every year "123456" and "password" are at the top of the list. Don't use those passwords-and don't use common dictionary words or consecutive numbers when creating your password. Passwords with simple patterns, such as "1234" or "qwerty," or with obvious substitutions, such as "H0u$e," are easy to guess.


Follow these guidelines

  • Avoid using personal information (such as your Social Security number, phone number, birthday, or pet or family member names) in your password.
  • Use a different password for every site. A strong password has to be unique, not just a variation of passwords you use on other sites. Consider using a password manager to help keep track of your various log-in credentials.
  • Avoid storing your passwords in unencrypted files, like the notes app on your phone. Instead, write them down and store them in a safe place such as a password manager.
  • No matter how strong a password may be, it is still at risk of being hacked. With two-factor authentication, a second level of security is added to strengthen your defenses against a breach.

Make it memorable

A strong password should be based on something you can remember but that would be difficult for a hacker to guess. Stay away from well-known phrases, quotes or song lyrics. Start with a sentence such as "I live for boating!" and transform it to "ILv4Btng!" Or string a series of random words together to create a strong password like this: "wizardboWLingchicKeN."


Add an extra layer of security

Along with generating strong passwords for each account, use multifactor security that requires more than one method of verifying your identity, especially with accounts that involve financial transactions. Also, enable biometrics like fingerprint sign-on, or retina or facial recognition where available.

Following these tips can help you create stronger passwords that are tough for hackers to break—and help protect your identity.

  1. SplashData, 2018
Close Disclaimer

The material provided on this website is for informational use only and is not intended for financial, tax or investment advice. Bank of America and/or its affiliates, and Khan Academy, assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional and tax advisor when making decisions regarding your financial situation.

Up Next

Contact Us