How to create a strong password

Creating a strong password can seem like an afterthought when you sign up for new accounts online. But with the prevalence of identity fraud—there’s a victim every two seconds1—taking the time to generate a strong password is more important than ever. Here are five tips to get you started.


Change your passwords regularly

The longer you use a password, the less secure it becomes. That’s why security experts suggest that you change your passwords at least once a year to protect your accounts. Depending on your risk level, you may need to change them every 90 days. For example, if you use public computers a lot, you should update your passwords more frequently than if you only use a home computer.


Go for length

When creating a strong password, length matters. Try to make sure it’s at least eight to 10 characters. Complexity also helps. A six-character, lowercase password takes five minutes to break; one with nine characters takes two months. A six-character password with numbers and symbols takes less than nine days to break; one with nine characters takes nearly 20,000 years.


Be unique

Every year security services provider SplashData releases the most common (and therefore the worst) passwords in use. And every year “123456” and “password” are at the top of the list. Don’t use those passwords—and don’t use common dictionary words or consecutive numbers when creating your password. Passwords with simple patterns, such as “1234” or “qwerty,” or with obvious substitutions, such as “H0u$e,” are easy to guess.


Follow these guidelines

  • Do not use your Social Security number, phone number, birth date, first and last name or user ID when creating your password.
  • Use a different password for every site. A strong password has to be unique, not just a variation of passwords you use on other sites.
  • Avoid storing your passwords in unencrypted files, like the notes app on your phone. Instead, write them down and store them in a safe place.

Make it memorable

A strong password should be based on something you can remember but that would be difficult for a hacker to guess. Stay away from well-known phrases, quotes or song lyrics. Start with a sentence such as “I live for boating!” and transform it to “ILv4Btng!” Or string a series of random words together to create a strong password like this: “wizardboWLingchicKeN.”

Following these tips can help you create stronger passwords that are tough for hackers to break—and help protect your identity. 

  1. Javelin Strategy & Research, 2016
Close Disclaimer

The material provided on this website is for informational use only and is not intended for financial, tax or investment advice. Bank of America and/or its affiliates, and Khan Academy, assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional and tax advisor when making decisions regarding your financial situation.

Up Next

Contact Us

  • Mon-Fri 8 a.m. to midnight Eastern
    Sat 8 a.m.-8 p.m. Eastern, Sun 9 a.m.-8 p.m. Eastern

    866.736.2205 Mon-Fri 8 a.m. to midnight Eastern
    Sat 8 a.m.-8 p.m. Eastern, Sun 9 a.m.-8 p.m. Eastern
  • Schedule an appointment