How to create and protect a strong password


In a Nutshell

To keep your information secure from identity thieves, you have passwords for nearly everything you do online. Find out the dos and don'ts of creating a strong password and keeping it safe.


In today’s online world, it seems like you need a password for just about everything. But it can be hard to keep track of all those passwords.

Because of this, you might keep the same password for all of your accounts. Or perhaps you make your password something simple and easy to remember. Unfortunately, these solutions can leave you vulnerable to hackers and identity thieves.

Whether you’ve dealt with identity theft in the past (a major pain) or simply want to avoid it, creating a strong password is a vital step you should take to protect your information.

Fortunately, creating a strong password is more of a science than an art. There are certain guidelines you can follow to help you create good passwords and improve your password security.



How to create and protect a strong password

If you want to protect your information, having good passwords is key. But how do you actually do it?

  1. Create a long, random password.
  2. Avoid using single dictionary words.
  3. Use simple memory techniques or a password manager to remember your passwords.
  4. Follow proper password security measures.
  5. Enable two-factor authentication.

1. Create a long, random password. 

First, you want to make your password diverse and complex — ideally one that uses random alphanumeric and special characters. On top of that, generally the longer your password is, the better; using between eight and 15 characters (or more) can help.

For example, a strong password would be 15kR}545C00t46c. It’s long and contains a variety of characters with no notable patterns.

A weak password would be 123abc! because it has a predictable pattern and not enough characters. You should also avoid using sequences like 12345, keyboard patterns like qwertyuiop (the first line of letters on a keyboard) or repetitive characters like aaaaa.

“Every additional character you add to a password makes it more difficult for a hacker to guess or break your password,” says Michael Levin, CEO and founder of the Center for Information Security Awareness (CFISA). Levin previously worked as branch chief of the U.S. Secret Service Electronic Crimes Task Force program.

Levin says that using a mixture of letters, numbers and symbols also makes it more difficult to discover a password through guessing or easily available password-cracking tools.

2. Avoid using single dictionary words.

Stay away from using a lone dictionary word as your password. If your password is a common word, it could be an easy hack. Since you usually get a limited number of login attempts before your account is locked, a hacker trying to figure out your password might start out with common dictionary words.

Rather than using a single dictionary word, you could consider using a combination of words to create a password phrase. This makes for a password that’s easier to remember but harder for a hacker to guess.
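The guidelines from steps 1 and 2, as an added example that is not part of the original article: a Python sketch that flags the weak patterns named above and generates a random password with the standard `secrets` module. The function names, the tiny word list and the thresholds (run length of 3, at least 3 character types) are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample word list (assumption); a real check would load a large dictionary.
COMMON_WORDS = {"password", "dragon", "sunshine", "monkey", "welcome"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def has_run(pw, n=3):
    """True if pw holds n repeated or consecutive characters (aaa, 123, cba)."""
    for i in range(len(pw) - n + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + n - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def weaknesses(pw):
    """Return the guidelines from steps 1 and 2 that a candidate password breaks."""
    found, lower = [], pw.lower()
    if len(pw) < 8:
        found.append("shorter than 8 characters")
    if lower in COMMON_WORDS:
        found.append("single dictionary word")
    if has_run(lower):
        found.append("sequence or repeated characters")
    if any(row[i:i + 4] in lower for row in KEYBOARD_ROWS for i in range(len(row) - 3)):
        found.append("keyboard pattern")
    kinds = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if sum(any(kind(c) for c in pw) for kind in kinds) < 3:
        found.append("fewer than 3 character types")
    return found


def generate_password(length=15):
    """Draw characters from the OS CSPRNG; retry if a weak pattern appears by chance."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("15kR}545C00t46c", "123abc!", "qwertyuiop", "aaaaa"):
        print(candidate, "->", weaknesses(candidate) or "no weak patterns found")
    print("generated:", generate_password())
```

An empty result only means none of these specific patterns was found; it does not show that a password is unique or absent from breach lists.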

3. Use simple memory techniques or a password manager to remember your passwords.

A strong password that is long and complex can be hard to remember. Luckily, there are some tricks to help you create good passwords and remember them.

Remember using mnemonic devices at school? These are techniques to help improve your recall and can help with password management. For example, some kids use the mnemonic “Never Eat Slimy Worms” to remember the first letter of the directions in order (North, East, South, West).

These techniques can boost your ability to remember your password.

Nick Santora, chief executive officer at Curricula, which trains employees on cybersecurity, recommends using the “passphrase” system. You’ll create a sentence that’s both memorable and short enough to boil down to a password.

So, say you pick “Gone With The Wind,” which you pare down to the acronym “GWTW”.

You can then add numbers and characters to increase your password security.

Using the acronym above, you could create a password that would be GWTW!04@gwtw.

Using this method, you can create something that’s easy to remember for you, but nearly unrecognizable to others.

If using this kind of technique doesn’t feel like your thing, don’t worry — you’re not out of options. Consider using a password manager, a secure tool that saves your passwords for you so you don’t have to remember them.

Password managers can encrypt your passwords in the cloud and sync to your accounts. You’ll then have one master password. Password managers are recommended by many security experts and may be able to limit your risk of identity theft.

However, be aware that you may have to pay to use these services, particularly if you’re interested in upgrading from a basic version of the tool.

4. Follow proper password security measures. 

Creating a strong password is just one part of password security. You’ll have to manage your passwords and use them correctly as well.

To do that, you don’t want to use the same password for multiple sites. Doing so could mean that if hackers get their hands on one password, they have access to all of your accounts.

Also, while experts previously advised that you change your password frequently, some security experts now say you might not need to do that. You may only need to change your password if you think you’ve been hacked or if there’s suspicious activity.

5. Enable two-factor authentication.

On top of having good passwords, consider enabling two-factor authentication when you sign into your email, bank website or any other sensitive account.

When using two-factor authentication, a code will be sent to your phone when you sign in. You then input the code to access your account. Hackers likely don’t have access to your phone, so this can be a great way to add a layer of password security.

It may feel like additional work, but the extra protection can go a long way.


What can happen if a hacker gets your password?

Passwords are a door that unlocks your information and data, and they’re necessary to keep your account protected and private.

“Passwords are the most valuable prizes to any hacker, because it gives them the opportunity to enter your accounts and spend as much time as needed to steal your data,” Levin says.

If your password gets into the wrong hands, a number of things could happen:

  • You could be locked out of your account and unable to access your information.
  • Hackers could use information in your accounts to steal your identity and make financial or other types of transactions without your knowledge.

This is why it’s important to take password security seriously.


Bottom line

Living a life online means being vulnerable to hackers and other online predators looking to steal your information.

Though there’s always a risk — and no foolproof, guaranteed safety net — you can take steps to protect your information by creating a strong password.


Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors' opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when it’s posted.