An example of a password best practice is using a long, unique passphrase made of several random words, like purple duck potato boat or elephants_run_under_blue_sky, which is hard to guess but easy for you to remember. Avoid personal information in it, and do not reuse it across different accounts. This is more secure than short, complex passwords because length is a greater defense against modern cracking methods.
Password Best Practices
Use a random string of mixed-case letters, numbers and symbols. For example: cXmnZK65rf*&DaaD.
Three random words generate a password that is not only long enough to thwart brute force attacks but also complex enough to resist common guessing techniques.
Create strong passwords
At least 12 characters long but 14 or more is better. A combination of uppercase letters, lowercase letters, numbers, and symbols. Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
The "8 4 Rule" for strong passwords is a guideline requiring a minimum length of 8 characters (the "8") and the inclusion of 4 different character types (the "4"): at least one lowercase letter, one uppercase letter, one number, and one special symbol, creating a complex, hard-to-guess password. While once a standard, modern advice often emphasizes length and passphrase-style passwords over strict complexity rules for better usability, though the principles of mixed character types remain important.
How to create a strong password
Don't make a password that's easy to guess.
Some passwords are super easy to guess because they get used all the time (password, 123456, baseball).
7 Tips for Strong and Secure Passwords
The top 10 most common passwords consistently feature simple number sequences and keyboard layouts, with "123456," "password," "123456789," "qwerty," and "12345" always leading global lists, often alongside variations like "111111" and "12345678". These passwords, though risky and easily cracked, remain popular due to their simplicity, with recent data showing "admin," "Password," and "1234567890" also frequently appearing in the top tiers.
A strong 12-character password example uses a mix of uppercase, lowercase, numbers, and symbols, avoiding dictionary words, like Zhn44!gbh44kbt (from "Zero hour nine AM. And I'm gonna be high as a kite by then") or a randomized string like cXmnZK65rf*&DaaD, making it complex yet memorable by using a phrase or random characters for security, according to CISA and Microsoft.
To do this, employ a mix of uppercase and lowercase letters, numbers, and symbols. For instance, "N4&vQ2!p" is a solid example of how to blend these elements into a more secure 8-character password.
12345. A strong password should contain numbers as well as letters and special symbols, but one made up only of sequential numbers is asking for trouble. Passwords such as “123456”, “123123”, “111111” or “654321” are nonetheless surprisingly common, and cybercriminals check for them with automated systems.
The 2025 NIST guidelines focus on password length (12-16 characters) over complexity, making passwords harder to crack and easier to remember. Mandatory password expiration is no longer required unless there's clear evidence of a breach, reducing unnecessary resets.
Avoid using people's or pets' names, or words found in the dictionary; it's also best to avoid using key dates (birthdays, anniversaries, etc.). Substituting look-alike characters for letters or numbers is no longer sufficient (for example, “Password” and “P@ssw0rd”).
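The difference between the "8 4 Rule" and the length-first guidance described above, shown as an added example that is not taken from any of the sources quoted on this page. The look-alike map and the 12-character minimum are assumptions chosen for illustration, and the blocklist holds only the common passwords named on this page.

```python
import string

# Common passwords named on this page (illustrative, not a complete blocklist).
COMMON = {"password", "123456", "123456789", "qwerty", "12345", "111111",
          "12345678", "admin", "1234567890", "baseball", "123123", "654321"}

# Assumed look-alike map used to undo substitutions such as P@ssw0rd.
LOOKALIKES = str.maketrans(
    {"@": "a", "0": "o", "$": "s", "3": "e", "!": "i", "1": "l"})

MIN_LENGTH = 12  # assumption: lower bound of the 12-16 range quoted above


def passes_8_4_rule(pw):
    """True if pw has 8+ characters and all four character types."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def length_first_check(pw):
    """Return the reasons to reject pw; an empty list means accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    folded = pw.lower()
    # Compare both the raw and the de-substituted form with the blocklist.
    if folded in COMMON or folded.translate(LOOKALIKES) in COMMON:
        reasons.append("common password or look-alike variant")
    return reasons


if __name__ == "__main__":
    # Sample passwords taken from the text of this page.
    for pw in ["P@ssw0rd", "N4&vQ2!p", "123456",
               "purple duck potato boat", "cXmnZK65rf*&DaaD"]:
        verdict = length_first_check(pw) or ["accepted"]
        print("%-26r 8-4 rule: %-5s length-first: %s"
              % (pw, passes_8_4_rule(pw), "; ".join(verdict)))
```

“P@ssw0rd” satisfies the 8 4 Rule yet is rejected by the length-first check, while the passphrase purple duck potato boat fails the 8 4 Rule and is accepted.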
Here are the 50 most common four-digit PIN codes, according to the analysis:
The most common password for U.S. users in 2025 was “admin.” The all-too-reliable “password” came in second place. The next three to round out the top five were all the easiest of number sequences: “123456,” “12345678,” and “123456789,” respectively.
Poor passwords also include your kids' names, birthdays, your current street name and your pets' names, all of which is information others can easily access.
Your password should be comprised of at least 12 characters. Use a combo of uppercase letters, lowercase letters, numbers, and even some special characters (!, @, $, %, ^, &, *, +, #).
Communication, Vigilance, Confidence, Courage, Compassion. These traits define an effective security professional. Why is vigilance important? Vigilance allows guards to detect threats early and prevent incidents.
A good password should be made up of at least 15 characters, including lowercase letters, uppercase letters, numbers, and special characters. It shouldn't include common words or sensitive information (birthdays, phone numbers).
For example, if the password contains the date of someone's birthday, one might enter the name of the person as the hint. However, password hints have to be carefully conceived; otherwise, a non-authorized user might figure it out.