Why Password Security Matters
Passwords are the first line of defense for your online accounts. Yet many people still reuse easily guessable passwords, and account takeovers remain a persistent threat.
Data breaches are increasing year over year, and leaked passwords are bought and sold on the dark web. Credential stuffing attacks — where attackers use passwords leaked from one service to break into another — rank among the most common forms of cyberattack.
Characteristics of Weak Passwords
The following types of passwords are easily cracked by attackers:
- Short passwords (fewer than 8 characters)
- Dictionary words (password, dragon, monkey, etc.)
- Personal information (birthdays, names, phone numbers)
- Keyboard patterns (qwerty, 123456, asdfgh)
- Simple substitutions (p@ssw0rd, h3llo)
- Reusing the same password across multiple services
In the annual "most commonly used passwords" rankings, "123456," "password," and "qwerty" consistently appear at the top.
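The traits listed above can be checked mechanically. The following is an added example, not part of the original article. The word list is a small constructed sample, and the `personal` and `seen_elsewhere` parameters are hypothetical inputs that a real tool would fill from the user's profile and password vault.

```python
import re

# Constructed sample list; a real check would load a large leaked-password wordlist.
COMMON_WORDS = {"password", "dragon", "monkey", "hello"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Character swaps that cracking tools reverse automatically.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def has_keyboard_run(pw, min_run=5):
    """True if pw contains min_run adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + min_run] in low
                   for i in range(len(seq) - min_run + 1)):
                return True
    return False


def weaknesses(pw, personal=(), seen_elsewhere=()):
    """Return which weak-password traits from the list above pw exhibits."""
    found = []
    low = pw.lower()
    # Drop trailing digits/symbols so "dragon1!" still matches "dragon".
    core = re.sub(r"[^a-z]+$", "", low)
    if len(pw) < 8:
        found.append("short")
    if low in COMMON_WORDS or core in COMMON_WORDS:
        found.append("dictionary word")
    elif any(c.translate(LEET) in COMMON_WORDS for c in (low, core)):
        found.append("simple substitution")
    if has_keyboard_run(pw):
        found.append("keyboard pattern")
    # personal: hypothetical list of strings the user supplies (name, birth year).
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        found.append("personal information")
    # seen_elsewhere: hypothetical set of passwords already used on other services.
    if pw in seen_elsewhere:
        found.append("reused")
    return found


if __name__ == "__main__":
    for sample in ("p@ssw0rd", "123456", "dragon1!", "correct horse battery staple"):
        print(repr(sample), weaknesses(sample))
```

Undoing the character swaps before the dictionary lookup is what exposes "p@ssw0rd" as "password", which is why simple substitutions add little strength.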
How to Create Strong Passwords
Length Is the Most Important Factor
The single biggest factor in password strength is length. Aim for at least 12 characters — ideally 16 or more. An 8-character password can be cracked in a matter of hours with modern hardware, while brute-forcing a 16-character password is practically infeasible.
Use a Passphrase
Random character strings are hard to remember, so passphrases are a great alternative. Combine 4 to 5 unrelated words chosen at random.
For example, "correct horse battery staple" — a string of unrelated words — is both easy to remember and extremely long.
Use a Different Password for Every Service
Using a unique password for each service is an absolute rule. If one service is breached, unique passwords prevent the damage from spreading to your other accounts.
Using a Password Manager
Memorizing dozens or even hundreds of strong, unique passwords isn't realistic. A password manager solves this problem.
How Password Managers Work
All your passwords are stored in an encrypted database, protected by a single "master password." Passwords for each service are auto-generated and auto-filled, so the only password you need to remember is the master password.
Popular Password Managers
- 1Password: Excellent balance of usability and features; family plans available
- Bitwarden: Open-source with a generous free tier; self-hosting is also an option
- KeePass: Fully local, open-source software
Built-in Browser Password Management
Browsers like Chrome, Firefox, and Safari include built-in password saving, but their feature sets are limited compared to dedicated password managers. If you need cross-browser access or password sharing, a dedicated tool is the way to go.
How to Check for Leaked Passwords
You can check whether your passwords have been exposed in past data breaches:
- Have I Been Pwned (haveibeenpwned.com): Enter your email address to see associated breaches
- Password manager monitoring: Many password managers include built-in breach detection
- Browser warnings: Chrome and Firefox alert you when saved passwords appear in known breach databases
Defenses Beyond Passwords
Relying on passwords alone is risky. Combining the following measures significantly strengthens your account security:
- Enable two-factor authentication (2FA) — see our two-factor authentication guide for details
- Use passkeys: The emerging standard for passwordless authentication
- Use a security key: Physical authentication devices offer the strongest protection
- Enable login notifications: Detect suspicious sign-ins immediately
On Kakunin-san's homepage, you can also check your browser's security settings, including Do Not Track and cookie status.