Strong passwords are at least 12 characters long and use a mix of uppercase, lowercase, numbers, and special characters. Unique passwords for each account prevent a single breach from exposing all your online accounts.
Create test passwords following strong password guidelines. Compare weak versus strong password options to understand why length and character variety both matter for security.
From your study of password security, you understand that passwords are the primary barrier between your accounts and unauthorized access. The strength of a password is really a question of how hard it is to guess — either by a human attacker who knows things about you, or by software running through millions of guesses per second. These two threats call for different defenses, and a good password addresses both.
Length is the most important factor. Every character you add multiplies the number of possible passwords exponentially. An 8-character lowercase password has 26⁸ ≈ 208 billion combinations — which sounds like a lot until you realize modern cracking hardware can test hundreds of billions of guesses per second. The same password with 12 characters has 26¹² ≈ 95 trillion combinations; adding uppercase, digits, and symbols expands the space to 95¹² ≈ 540 quadrillion. Character variety amplifies length: using a character set of 95 printable characters (uppercase + lowercase + digits + symbols) instead of 26 letters makes each character position ~3.7× harder to crack. Length and variety together make brute-force attacks computationally infeasible.
Uniqueness addresses a different threat: credential stuffing. When a website gets breached and its password database is stolen, attackers compile lists of username-password pairs and automatically test them against every other major site. If you use the same password on your bank and on a small forum, and the forum is breached, your bank account is now at risk too. A unique password for every account means a single breach is contained — the attacker gains access to that one account and nothing else. In practice, the only way to maintain dozens of unique strong passwords is to use a password manager, which generates and stores them so you only need to remember one master password.
Avoid patterns that seem complex but are predictable: replacing 'a' with '@' or 's' with '$' is well-known to attackers and adds little protection. Personal information — birthdays, names, pet names, addresses — is even more vulnerable because it can be guessed without automated tools. The strongest password you can create is a long, random string that means nothing to anyone, stored in a password manager. A useful middle ground for passwords you must memorize is a passphrase: four or more random unrelated words ("correct horse battery staple") are both memorable and extremely difficult to crack because of their length, even though each word is common.