Moving beyond "P@ssw0rd123" to a safer, simpler digital life.

Remember when the Louvre was hacked in 2025 because their password was LOUVRE? No one wants to get hacked because they have the world’s easiest-to-guess password, but it can be difficult to remember something like “J!23R&$U” or some version of a “strong password.”
No fear, there’s an easier way to create and remember strong passwords. Read this blog to discover what makes a strong password in 2026, how to create passphrases, and the pros and cons of using a password manager.
Did you know that it’s actually easier for a computer to crack a password like “J!23R&$U” than a passphrase like Blue-House-Fetch-Bicycle? This is extra true if you’re human (which I assume you are), and you can’t remember complex passwords and have to write them down. This is because an eight-character password can be cracked by a computer in potentially minutes, while a 15+ character password could take centuries to discover.
In 2026, it’s important to prioritize length over complexity. In fact, the NIST 2026 Standard recommends a 15-character minimum for sensitive accounts.
Passphrases are more secure and also easier to remember. I like to take the random four approach, where I choose four random words or objects and link them with a dash or a space.
This is made even easier if I just pull from song lyrics I enjoy or a quote I find memorable, for example:
I recommend capitalizing the first letter of every word and using dashes or underscores to meet special character requirements.
Try to avoid personal information like your kids’ names, birthdays, etc.
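As an added example (not from the original post), the random four approach can be scripted with Python's `secrets` module, together with the entropy arithmetic behind it. `SAMPLE_WORDS` is a constructed 32-word list and the function names are hypothetical; the bit counts assume every word is drawn uniformly at random, which does not hold for song lyrics or quotes.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A real list
# should hold thousands of words (the EFF long list has 7,776).
SAMPLE_WORDS = (
    "blue house fetch bicycle river candle marble tiger window pepper "
    "garden rocket violin meadow harbor lantern copper walnut saddle planet "
    "button feather glacier hammer island jacket kettle ladder magnet napkin "
    "orchid pillow"
).split()

def make_passphrase(words, count=4, sep="-"):
    """Draw `count` words with the OS CSPRNG, capitalize each, join with `sep`."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a list without duplicates")
    return sep.join(secrets.choice(words).capitalize() for _ in range(count))

def passphrase_bits(list_size, count):
    """Entropy when every word is drawn uniformly and independently."""
    return count * math.log2(list_size)

def random_string_bits(alphabet_size, length):
    """Entropy of a uniformly random string, e.g. 94 printable ASCII symbols."""
    return length * math.log2(alphabet_size)

def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    phrase = make_passphrase(SAMPLE_WORDS)
    print(phrase, len(phrase), "chars")
    print(f"4 words, 32-word list:    {passphrase_bits(32, 4):.1f} bits")
    print(f"4 words, 7776-word list:  {passphrase_bits(7776, 4):.1f} bits")
    print(f"6 words, 7776-word list:  {passphrase_bits(7776, 6):.1f} bits")
    print(f"8 random printable chars: {random_string_bits(94, 8):.1f} bits")
    print("words for 64 bits from 7776-word list:", words_needed(7776, 64))
```

The strength of a random-word passphrase comes from the size of the word list and the number of words drawn, so a small list like the sample one is only suitable for demonstration. Each extra word from a 7,776-word list adds about 12.9 bits.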
Passphrases are great because you can usually remember them without needing to write anything down or use a password manager. However, if you want the convenience of a password manager, let’s discuss the pros and cons of different password managers below.
Pro Tip: Never reuse a password across multiple websites. This makes it easy for hackers to exploit multiple sites by obtaining only one password.
It’s impossible to remember 100+ unique 20-character passwords, especially if you’re still using the random string approach. This is why people often opt to use a password manager like Bitwarden, JumpCloud, Google, etc. to generate and store their passwords.
You do take a significant amount of risk with this approach. If a threat actor breaches your Google account, for example, they will then have the passwords to literally every site you use Google to store passwords for.
Require MFA (Multi-factor Authentication) for any password manager you use and for each individual account. I know it’s a hassle to constantly have to provide additional verification, but it sure beats your identity or money being stolen.
Security questions, when answered honestly, are actually incredibly easy to hack.
One simple social media search will answer your pet’s name, your mother’s maiden name, where you were born, etc.
But there’s no reason to answer these questions honestly. I like to imagine an alter ego with a backstory. Where would they live and what would they be named? This alter ego can be used to answer security questions to increase your security.
You’d be shocked how often your personal security information is floating around the web, especially for email accounts you’ve forgotten even exist. Use tools like Have I Been Pwned to see if your email accounts have been a part of a data breach.
Pro Tip: If you use Google Password Manager, turn on "On-device encryption" in the settings. This makes it so Google cannot see your passwords even if their servers are breached.
What can you do right now to be more secure? Here are three things I suggest:
If you take these three simple steps right now, you’ll be better prepared against today’s threat actors.
Think you’ve been breached? Talk to a cybersecurity breach expert today.