How Secure Is Your Password? 5 Ways to Make It Stronger

Most sites that require a password ask for a minimum of 8 characters. But is the minimum enough? An 8-character password using only upper- and lowercase letters can be cracked by a single computer in under 3 hours. Add a number and you might buy yourself a week, if that. We’ve been taught that complexity is enough, and we end up with a password that’s hard to remember but easy to crack. So what can we do?

A passphrase is easier to remember and harder to crack

A passphrase, instead of a password, can be both easier to remember and far more secure, thanks to its length and spaces. You can still use common substitutions. For example, swap the number 1 for the letter i and 0 for o, turning “I’m an administrator” into “1’m an Adm1n1strat0r”. A brute-force attack would take one hundred quintillion years to crack that, 100,000,000,000,000,000,000 years, and it’s genuinely easy to remember.

Most sites let you use spaces and characters like commas, apostrophes, and quotation marks instead of the usual exclamation mark or dollar sign. When you build your passphrase, make it meaningful to you and reach for symbols other than the obvious ! ? . * $.

Length beats complexity

Even without substitutions, length alone does a lot of the work:

• “Enjoy every moment”, 18 characters, easy to remember, would take about 1 quadrillion years to crack.
• “Believe in yourself”, 19 characters, memorable, and would take a hundred quadrillion years.

Want to test yours? Type it into security.org’s password checker, it encrypts as you type, never stores anything, and tells you how long a computer would need to crack it.

“Passwords are like underwear: you don’t let people see it, you should change it often, and you shouldn’t share it with strangers.”, Chris Pirillo

A password manager saves time

Alternatively, use a password manager like Dashlane or LastPass. Think of it as a digital vault: you remember one master password, and it securely stores the rest, generates strong unique passwords for each account, auto-fills logins across your devices, and warns you if a password shows up in a data breach. It makes good security practically effortless.

Two-factor authentication adds a deadbolt

Turn on two-factor authentication (2FA), or use a passkey. With 2FA, even if someone cracks your password, they still can’t get in without the second step, usually a code on your phone or an authenticator app. Many services now offer fingerprint or face recognition too. It’s a few extra seconds at the door for a lot more security.

Don’t use your pet’s name

An alarming number of people use a pet’s or relative’s name as the core of their password. Simply put, don’t. Those become very easy to guess for anyone who knows you even a little, no technical skill required. Give your password some real thought before it’s time to create one; it’s wise to have a plan in place ahead of time.

Bonus: create a password-update schedule

Just like changing your smoke-detector batteries when the clocks change, pick a recurring date, your half-birthday, or the first of each quarter, to review and update your most important passwords. A routine keeps your security current without it ever feeling overwhelming. And if you suspect an account has already been compromised, our security cleanup can help you lock things back down.