Strong Password Tips That Actually Work
Most password advice is outdated. The "uppercase, lowercase, number, symbol" rule was invented in 2003 and the author later said he regrets it. Here's what actually works in 2026.
The 30-second version
Use a password manager. Let it generate 20-character random passwords. Memorize one strong master password. You're done.
Length beats complexity
A 16-character password of just lowercase letters is harder to crack than an 8-character one with symbols and numbers. Modern computers brute-force short passwords in seconds. Long ones take centuries.
Aim for 14+ characters minimum, 20+ for important accounts.
Use a passphrase (memorable but long)
Pick four random words you can picture: BlueCoffeeMonkeyMountain. Easy to remember, 24 characters long, harder to crack than P@ssw0rd1!.
Add a number or symbol if the site requires it: BlueCoffeeMonkeyMountain7.
Never reuse passwords
The biggest mistake. When Site A gets hacked (it's not if, it's when), attackers try your email and password on every other site. If you reuse, they get into your bank too.
Every account needs a unique password. There's no practical way to do this without a password manager.
Use a password manager
You don't have to remember 200 passwords. The manager does it. You remember one strong master password and the manager fills in everything else.
Good options:
- Apple Passwords (free, built into iPhone/Mac, perfect for Apple users)
- Google Password Manager (free, built into Chrome and Android)
- Bitwarden (free, cross-platform, open source)
- 1Password ($3/month, polished, great family plan)
Turn on two-factor authentication (2FA)
Even if your password leaks, 2FA blocks the attacker. They need a code from your phone too. Prioritize 2FA on:
- Email (the most important, since it can reset everything else)
- Bank and credit cards
- Apple Account / Google Account
- Social media
Things to NEVER use in a password
- Birthdays (yours, your kids', your pets')
- Pet names, kid names
- Common words (password, qwerty, 123456, letmein)
- Common substitutions (P@ssw0rd is in every cracker dictionary)
- Anything in your social media
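The length, passphrase and substitution points above can be checked with a short script. This is an added example, not part of the original article: the function names, the substitution map and the 7776-word list size are assumptions, and the denylist holds only the four common words named above.

```python
import math
import string

# Constructed denylist: the common words named in the list above.
COMMON = {"password", "qwerty", "123456", "letmein"}
# Assumed map of common substitutions, undone before the denylist lookup.
DELEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                        "3": "e", "$": "s", "5": "s", "!": "i"})


def charset_bits(pw: str) -> float:
    """Bits of brute-force search space, valid only if every character is random."""
    pool = 0
    if any(c in string.ascii_lowercase for c in pw):
        pool += 26
    if any(c in string.ascii_uppercase for c in pw):
        pool += 26
    if any(c in string.digits for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    return len(pw) * math.log2(pool) if pool else 0.0


def passphrase_bits(words: int, wordlist_size: int = 7776) -> float:
    """Bits for words drawn at random from a list (7776 is an assumed size)."""
    return words * math.log2(wordlist_size)


def is_common(pw: str) -> bool:
    """True if pw is a denylisted word once substitutions and trailing
    digits/symbols are undone."""
    raw = pw.lower()
    candidates = {raw, raw.rstrip(string.digits + string.punctuation)}
    candidates |= {c.translate(DELEET) for c in candidates}
    return any(c in COMMON for c in candidates)


if __name__ == "__main__":
    for pw in ("a" * 16, "aB3$eF7!", "P@ssw0rd1!", "BlueCoffeeMonkeyMountain7"):
        print(f"{pw:28} {charset_bits(pw):6.1f} bits  common={is_common(pw)}")
    print(f"4 random words: {passphrase_bits(4):.1f} bits")
```

The per-character estimate rates P@ssw0rd1! above a four-word random passphrase, yet is_common rejects it, which is why the denylist check has to run before any bit count is trusted. The bit figures only hold when the characters or words are picked at random.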
Should you write passwords down?
A notebook in your home is safer than reusing weak passwords across the internet. But a password manager is better than both. The risk profile is different: a notebook gets stolen by someone with physical access, but weak online passwords get stolen by anyone, anywhere.
Check if your passwords have been leaked
Visit haveibeenpwned.com and type in your email. It tells you which breaches included your data. Change passwords on any account that shows up.
Modern password managers do this check automatically and warn you about leaked passwords.
Want help setting up a password manager?
We can walk you through migrating your saved passwords and locking down your most important accounts.