📏
Length is king. Each additional character exponentially increases crack time. A random 20-character password is astronomically stronger than a complex 8-character one.
🎲
Use a passphrase. 4-5 random words (e.g. "purple-lamp-tiger-ocean-42") are easy to remember and extremely hard to crack. Check our Password Generator for secure passphrases.
🔤
Maximize charset. Using all 4 character types (uppercase, lowercase, numbers, symbols) increases the possible combinations per character position from 26 to 95.
❌
Avoid predictable patterns. "P@ssw0rd", "S3cur3!", "Password1!" and leet-speak substitutions are in every dictionary attack list. They offer minimal security despite appearing complex.
🔑
Use a password manager. You only need one strong master password. The manager generates and remembers unique, random passwords for every site. Bitwarden is free and open-source.
🛡️
Enable MFA. Even a weak password becomes much harder to exploit with multi-factor authentication. An attacker with your cracked password still can't log in without your second factor.