How to Create a Strong Password

How to Create a Strong Password and Avoid Hackers

Our goal here at PinpointVPN is to ensure that our readers have the safest possible experience using the internet. Even though tools like IPVanish and Zenmate can help protect your privacy and keep you safe, sometimes your internet safety comes down to the basics, like coming up with a password.

Making sure that you have strong passwords to protect your accounts will ensure that you never end up canceling your credit cards in a rush because someone stole your info. Unfortunately, it can be difficult to remember a password that isn’t even a real word but rather a mess of symbols and numbers.

In today’s article, we’re going to explore how you can create a secure password that you’ll still be able to remember so you’re not constantly hitting the “forgot password” button whenever you try to log in.

Creating a Strong Password

There are a few techniques that you can use to ensure that your password is as strong as possible, including avoiding obvious passwords that are frequently used, using passphrases, and potentially even using a password manager. Here are a few of the most popular strategies for strong passwords:

Avoid the Obvious

This should be lesson number one: avoid obvious choices when putting together your password. For example, passwords like “123Apple” tend to get discovered a lot more frequently than passwords that have at least a moderate amount of thought put into them.

Never use sequential strings of numbers as your password and never use single words; most providers won’t allow you to do so anyway. Some of the most popular passwords include “1234567,” “admin,” and things along those lines. Putting effort into your password is the single most important step to making a strong one.

Make it Hard to Bruteforce

Bruteforce attacks are smarter than most people give them credit for, so here are a few tips that you can use to avoid having your password cracked by one of them. The length of your password is crucial, since every additional character in your password will make it exponentially more difficult for a bruteforce attacker to crack.

Other than making your password as long as possible, you’ll want to mix up the characters that you use in it. It shouldn’t be all letters or all numbers since those will be the first combinations that a bruteforce attack will attempt. Vary the symbols you use and where you place them in the password.
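The checks from the two sections above can be run against a candidate password. The following Python sketch is an added example, not code from PinpointVPN; the short common-password list, the pool ordering, and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample of frequently used passwords ("1234567" and "admin" are the page's).
COMMON = {"1234567", "admin", "password", "qwerty"}

# Pools from narrowest to widest: an attacker who tries the cheap single-class
# pools first only pays for the smallest pool that covers the password.
POOLS = [
    ("digits only", string.digits),
    ("lowercase only", string.ascii_lowercase),
    ("letters only", string.ascii_letters),
    ("letters and digits", string.ascii_letters + string.digits),
    ("letters, digits, symbols",
     string.ascii_letters + string.digits + string.punctuation),
]

def has_digit_run(pw, run=3):
    """True if pw contains `run` consecutive ascending or descending digits."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def assess(pw):
    """Findings for one password, following the checks described in the article."""
    name, pool = next(((n, p) for n, p in POOLS if set(pw) <= set(p)),
                      ("outside the listed pools", POOLS[-1][1]))
    keyspace = len(pool) ** len(pw)  # every extra character multiplies this by len(pool)
    return {
        "common": pw.lower() in COMMON,
        "sequential_digits": has_digit_run(pw),
        "pool": name,
        "pool_size": len(pool),
        "keyspace": keyspace,
        "bits": round(math.log2(keyspace), 1),
        "under_12_chars": len(pw) < 12,
    }

if __name__ == "__main__":
    for sample in ("1234567", "123Apple", "aB3$aB3$aB3$"):  # constructed inputs
        print(sample, assess(sample))
```

The "bits" figure is an upper bound that only holds for randomly chosen characters; a password flagged as common or sequential falls much sooner than its keyspace suggests.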

Make a Weird Phrase Out of It

Using strings of words is a good password strategy, but it depends on the kinds of words you use. If you want to make your password as difficult as possible to crack, you’ll want to make it out of strings of words that are entirely unrelated to each other and possibly even in different languages.

Use a mix of place names, items, names of people that you may know, and, as we mentioned before, any words you know in other languages. Most people trying to guess a password will only try ones whose terms relate to each other, so if there’s no correlation between them, the password will be harder to guess.

Use a Password Manager

Password managers are useful tools that allow us to use far more secure passwords that we otherwise wouldn’t remember. However, these password managers have a master password that you’ll have to input so that you can access the rest of your passwords, and this will have to be the most secure password possible.

We’d highly recommend using all of the tricks that we’ve already mentioned so that it will be as difficult as possible to crack. Remember that a chain is only as strong as its weakest link, and you don’t want the master password that you use on the manager to be that weakest link.

Use Multi-Factor Authentication

If you have accounts that are tied to your financial information or that contain sensitive info, you don’t want your password to be the only thing standing between potential data thieves and your info. For accounts like these, it’s usually a good idea to use multi-factor authentication through your email or your phone.

Since your phone is physically on you, it’s usually a good idea to have your MFA logins linked to it. Using your email, for example, is less secure because someone can potentially access your MFA codes if they manage to crack the password that you’re using for that email account.

How Are Passwords Hacked?

There are a few main techniques that are used to gain access to passwords, including phishing, bruteforce, and dictionary attacks. Knowing how passwords are discovered by data thieves can help you develop a stronger password that will be less likely to get compromised.

Bruteforce

Bruteforce attacks work by guessing every possible combination until they get lucky and come across yours. These attacks use software to try as wide a range of passwords as possible by going through every possible character that can fit into each spot of the password string.

With the advance of bruteforce technology, eight-character passwords are now more vulnerable than ever. In fact, you likely won’t be safe with a password that has fewer than twelve characters. If you think that there’s a significant chance of you being bruteforce attacked, you’ll need to make sure that your password is as long as possible.

Phishing

Unlike bruteforce attempts to guess your password, phishing attacks aren’t technical. Instead, phishing attacks try to trick you into being the weakest link when it comes to your password. For example, phishing attacks will pretend to be institutions or sites that may already have your password.

Most people are aware of email phishing attacks, though they can come in other forms too. Be wary of social media posts that ask you about your first pet, the street you grew up on, or your favorite actor. These posts are usually trying to phish out answers to your security questions.

Dictionary Attacks

Dictionary attacks are similar to bruteforce attacks in that they try as many combinations as possible to guess your password. However, whereas a bruteforce attack may try nonsense strings to guess a password, a dictionary attack will use a predetermined list of words to guess the password.

This means that you’ll be vulnerable to a dictionary attack unless you use a passphrase that consists of a few different words that share no relation to each other. Each additional word makes it exponentially more difficult for a dictionary attack to succeed when it’s trying to guess your password.
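To put numbers on the passphrase advice and the dictionary-attack point, the Python sketch below picks unrelated words at random and sizes the space a dictionary attack has to cover. It is an added example, not part of the original article; the twelve-word list is constructed, and the 7776-word figure (the size of a standard Diceware list) and uniform random selection are assumptions that go beyond what the article states.

```python
import math
import secrets

# Constructed sample list of unrelated words (places, items, names, other languages).
# A usable list is far larger; 7776 entries is the size of a standard Diceware list.
WORDS = ["lisbon", "stapler", "mateo", "gracias", "tundra", "kettle",
         "osaka", "lantern", "ingrid", "danke", "pebble", "nairobi"]

def make_passphrase(words, count=4, sep="-"):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    if len(set(words)) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(count))

def dictionary_bits(list_size, count):
    """log2 of the phrases a dictionary attack must cover: list_size ** count."""
    return count * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest word count whose search space reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(WORDS))
    # The sample list is too small to be safe: 4 words from 12 is about 14 bits.
    print("bits, 12-word list x4:", round(dictionary_bits(len(WORDS), 4), 1))
    for n in range(3, 8):
        print(n, "words from 7776:", round(dictionary_bits(7776, n), 1), "bits")
    # Words required to match 12 random characters drawn from 94 printable ASCII.
    print("words to match 12 random chars:", words_needed(7776, 12 * math.log2(94)))
```

The calculation only holds when the attacker cannot narrow the list, which is why related or personally meaningful words weaken a passphrase even when it looks long.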