How to Choose a Strong Password - Complete Security Guide

Published 2025-06-10 · BraisedEgg Tools

Weak passwords are the #1 cause of data breaches. In this guide, you'll learn what makes a password strong, why most "password rules" are outdated, and how to generate passwords that are both secure and memorable.

Why Password Security Matters

Over 80% of data breaches involve weak or stolen passwords. Attackers use:

  • Brute force — trying every possible combination
  • Dictionary attacks — trying common words and patterns
  • Credential stuffing — reusing passwords from other breaches
  • Phishing — tricking you into revealing your password

A strong password stops all of these attacks cold.

The New Password Rules (NIST 2024)

The National Institute of Standards and Technology (NIST) updated their password guidelines. The old rules are wrong:

Old Rule (Outdated)                               | New Rule (NIST 2024)
--------------------------------------------------+------------------------------------------
Require uppercase + lowercase + numbers + symbols | Length is more important than complexity
Force password changes every 90 days              | Only change if compromised
Ban paste in password fields                      | Allow paste (password managers need it)
Set maximum length (e.g. 16 chars)                | Minimum 8 chars, allow up to 64+
Use security questions                            | Avoid (answers are easily found)

Password Length vs Complexity

Here's a comparison of how long it takes to crack different passwords:

Password                      | Length   | Time to Crack
------------------------------+----------+--------------
password                      | 8 chars  | Instant
P@ssw0rd                      | 8 chars  | 2 minutes
correcthorse                  | 12 chars | 2 weeks
correct-horse-battery-staple  | 28 chars | Centuries
Tr0ub4dour&3                  | 12 chars | 2 weeks
xkcd936-inspired-pony-whisper | 30 chars | Centuries

Key insight: A 20-character password with only lowercase letters is stronger than an 8-character password with all character types.

How to Create a Strong Password

Method 1: Passphrase (Recommended)

Combine 4-6 random words:

purple-ocean-whisper-guitar-lantern
  • 35+ characters
  • Easy to remember
  • Easy to type
  • Practically uncrackable
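
Added example (not from the original article or the site's generator): Method 1 implemented with Python's `secrets` CSPRNG, plus the entropy arithmetic behind the length-versus-complexity insight above. It shows that a passphrase's strength comes from the word count and the size of the list, not its character count. The 32-word list is constructed for the demo, the function names are hypothetical, and the 95-character alphabet assumes printable ASCII.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. Real use needs
# a large published list (the EFF long list, for instance, has 7,776 words).
SAMPLE_WORDS = (
    "purple ocean whisper guitar lantern marble falcon copper "
    "harbor meadow velvet thunder walnut ribbon glacier saddle "
    "pepper canyon orchid timber violin breeze cobalt ember "
    "fossil juniper kettle lagoon mustard nectar pebble quartz"
).split()


def make_passphrase(words, count=5, sep="-"):
    """Pick `count` words independently and uniformly using the OS CSPRNG."""
    if count < 1:
        raise ValueError("count must be at least 1")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # secrets.choice, not random.choice: the random module is predictable.
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits, assuming the attacker knows the list and the method."""
    return count * math.log2(list_size)


def random_string_bits(alphabet_size, length):
    """Entropy in bits of a string of independent, uniformly random characters."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    print("5 words, 32-word list:   %.1f bits" % passphrase_bits(32, 5))
    print("5 words, 7776-word list: %.1f bits" % passphrase_bits(7776, 5))
    # Only holds when every character is chosen at random:
    print("20 random lowercase:     %.1f bits" % random_string_bits(26, 20))
    print("8 random printable:      %.1f bits" % random_string_bits(95, 8))
    print("words for 80 bits (7776):", words_needed(7776, 80))
```

Five words from the 32-word sample list give only 25 bits even though the result is long; the same five words drawn from a 7,776-word list give about 64.6 bits.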

Method 2: Password Generator

Use the Password Generator to create truly random passwords:

  • At least 16 characters
  • Include uppercase, lowercase, numbers, and symbols
  • Generated in your browser — never sent anywhere

Method 3: Password Manager (Best Practice)

Use a password manager to generate and store unique passwords for every account:

  • Bitwarden — free, open-source, excellent
  • 1Password — paid, premium experience
  • KeePass — free, offline, maximum control

You only need to remember one master password. The manager handles the rest.

Password Don'ts

Don't do any of these:

  • Don't reuse passwords — if one site is breached, all your accounts are at risk
  • Don't use personal info — names, birthdays, pet names are easily found on social media
  • Don't use keyboard patterns — qwerty, 12345678, asdfgh are cracked instantly
  • Don't use common substitutions — P@ssw0rd is not stronger than password
  • Don't share passwords — use password sharing features in managers instead

Enable Two-Factor Authentication (2FA)

Even the strongest password can be stolen. 2FA adds a second layer:

  • Authenticator app (Google Authenticator, Authy) — free, recommended
  • Hardware key (YubiKey) — most secure
  • SMS — better than nothing, but vulnerable to SIM swapping

Check If Your Password Has Been Leaked

Visit HaveIBeenPwned to check if your email or password appears in known data breaches. If it does, change it immediately.

Quick Password Strength Checklist

  • At least 16 characters long (or use a passphrase)
  • Not used on any other account
  • Not based on personal information
  • Not a dictionary word or common pattern
  • Stored in a password manager
  • 2FA enabled on important accounts

Generate a Strong Password Now

Use the Password Generator to create a secure password right now. It runs entirely in your browser — your password is never sent to any server.
