
Password tips: How to create a strong password

Running a good password cracking machine is both time-consuming and expensive, and for this reason, cyber criminals will always look for the path of least resistance. That is why you need to know how to create strong passwords, how to use a password manager, and how two-factor authentication (2FA) works.


Most of the passwords you use daily can be broken, so it is important to know how to make them as complicated and time-consuming to break as possible, so that cyber criminals move on to an easier target.

For a cyber criminal using a password cracking machine, the stronger the password is, the more time and money it costs to break. That is why they will always look for the path of least resistance, to make sure they are not wasting their time.

What is considered a strong and a weak password?

A password is considered stronger the longer it is, and it is recommended that it should be no shorter than 12-15 characters. In addition to this, the password should contain the following elements:

  • Special characters such as: ! @ # ? and so on
  • Numbers
  • A combination of capital and lowercase letters 
  • Accents (è, é, â, î or ô and so on) if the system supports it
  • Spacing
  • A random sequence of characters

It might be a good idea to use a passphrase so that you more easily remember it, and combine it with all of the above, such as special characters, numbers, and spacing. 

To make it even stronger, you can use phrases that are typical for your accent or insert some spelling mistakes that only you will remember. 


What characterises a weak password?

A weak password, on the other hand, is short, a well-known word many people use, a well-known piece of information, or something else obvious. All of these should be avoided at all costs.

Examples are your name, the name of your company, your favorite sports team, your dog’s name, or any of these combined with an easy number combination such as 123 or 111.

Did you know that one of the most common colours used in, or as, a password is the colour “blue”, the colour of Twitter, Facebook, and LinkedIn’s logos? This is a good example of how most people are not particularly creative when choosing a password and choose whatever is literally under their nose, which makes it very easy for cyber criminals.

“If your email account is taken over by cybercriminals, they can effectively gain control over all your other Internet accounts. The strongest defence you have against this is a strong, unique password coupled with two-factor authentication,” – Christian Andersson, Security Engineer in Tripletex. 

Even your passphrases should not be too obvious as a cyber criminal will have access to most lyrics, movie scripts, books, TV shows, languages, and so on, and with the right tools will be able to compare it with your password in a matter of seconds. 

There are also popular passwords that are based on keystrokes, such as “qwerty”. These should not be used. In addition, you should not change your password on a regular basis, unless you suspect that you have been part of a breach and that your credentials and passwords may have been leaked.

Changing your password too often can result in bad passwords since many will choose a more effortless route and create a password too similar to the old one.
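The strong and weak characteristics described above can be turned into an automatic check. The following Python sketch is an added example, not part of the original article; the word list, the 12-character minimum, the four-key run length and the function names are assumptions chosen to mirror the text.

```python
import re
import unicodedata

# Constructed sample deny-list (assumption); real checks use a large breached-password list.
COMMON_WORDS = {"password", "blue", "qwerty", "welcome", "letmein"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12  # lower bound of the 12-15 characters recommended above


def keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys of one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of failed checks; an empty list means none failed."""
    pw = unicodedata.normalize("NFC", pw)  # count an accented letter as one character
    low = pw.lower()
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "capital letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character or space": any(not c.isalnum() for c in pw),
    }
    findings += [f"no {name}" for name, present in classes.items() if not present]
    # Strip trailing digits so "blue123" is still recognised as the word "blue".
    if re.sub(r"\d+$", "", low) in COMMON_WORDS:
        findings.append("common word")
    if any(p and p.lower() in low for p in personal):
        findings.append("contains personal information")
    if keyboard_walk(pw):
        findings.append("keyboard pattern")
    if re.search(r"(.)\1\1", pw):
        findings.append("repeated character")
    return findings
```

A check like this cannot tell whether a passphrase is a quote from a song, film or book, so an empty result does not make a well-known phrase safe.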


What is a password manager and how can it be used?

Experts usually recommend a password manager, because it is nearly impossible to have complex, unique and different passwords everywhere you log in and still be able to remember all of them.

A password manager is a computer program, or more specifically an encrypted database, where users can store all their passwords and login information, or generate passwords, for all their different logins around the web. The only thing you need to remember is your master password to access all your other passwords and login information.

Nowadays, most password managers are cloud-based, meaning that you can use the same account on all your devices no matter where you are.

Some examples of password managers are LastPass and 1Password. There are many different password managers to choose from, so in order to find the one provider that fits your needs the best, you should always take the time to do research online before making a decision.

What is 2FA/MFA?

Another way to make it more difficult for cyber criminals to access your passwords is through two-factor authentication (2FA) and multi-factor authentication (MFA). These are electronic authentication methods where you’re granted login access only after having gone through two or more steps to prove your identity.

This is a very effective way to secure your accounts and often comes in the form of the classic password or PIN code, followed by an extra layer such as a randomly-generated code either sent to you by SMS or generated through an authenticator app installed on your phone.

It can also be the use of a physical token, key or bank card, or biometrics: fingerprint on your phone, facial recognition, and so on.

Do you want to learn even more about password security? Watch Security Evangelist Per Thorsheim’s talk “Passwords are forever!” from the Visma Security Conference 2020
