In 2004, Bill Gates predicted that “passwords will be a thing of the past.” Nearly two decades later, passwords are still our first line of defense against cyber threats, but both the way we create and manage them and the cyberthreats aimed against them have evolved significantly.
The End of “Password123!” #
The average person has around 100 online accounts, and many still rely on weak passwords like “password123!” or “opensesame” that are easily guessable. Even if you have a strong password, using the same one across multiple accounts can lead to a domino effect if one account is compromised. For many, the convenience of a single, simple password outweighs the risks, since memorizing that many different passwords is just impractical. Password reuse is more common than you may think, with about 65% of people reusing their passwords across sites.
One method you might think of to get around this is to add a short suffix to a base password, like password123!facebook and password123!twitter. While this does provide some variation, this method is still vulnerable to attacks that can identify common patterns in passwords.
Step 1: Creating an “Uncrackable” Password #
The National Institute of Standards and Technology (NIST) has issued guidelines on how to create strong passwords, which have been recently updated in 2026 to shift the focus from complexity to length and uniqueness. For example, they recommend a minimum length of 12 characters, with longer passwords being more secure. They also encourage utilizing the entire range of Unicode characters, including emojis or other language-specific characters if possible, to make passwords more resistant to brute-force attacks.
Here are some tips for creating strong passwords:
- Use a passphrase: Link four or more random and unrelated words together to create a long password. After generating the words, you can create a story to help you remember it more easily. This famous comic from XKCD illustrates the strength of passphrases compared to traditional complex passwords:
Password Strength by XKCD - Use spaces/symbols: More platforms are now allowing spaces in passwords, which can make them easier to remember and more natural to type. By using spaces or symbols to separate words in a passphrase and ending with a unique suffix, you can create a strong password that is also memorable. For example, instead of
maytheforcebewithyou, you could usemay.the.force.be.with.you!1977. - Use the poetic method: Think of a line from a poem, song, or quote that you will never forget, and write down the first letter of each syllable, including punctuation and capitalization. For example, “Twinkle, twinkle, little star, how I wonder what you are” becomes
Tk,tk,lts,hIwdwya.
Step 2: Letting a Password Manager Do the Heavy Lifting #
While creating strong passwords is important, it gets harder and harder to remember them as you create more accounts. This is where password managers come in. A password manager is a software application that helps you generate, store, and manage your passwords securely, and is considered vital for maintaining good cybersecurity hygiene.
Essentially, instead of manually creating and remembering passwords, a password manager can generate much more secure and unique passwords and store them in an encrypted vault. You only need to remember one master password to access all of your stored passwords. Many password managers also offer features like auto-filling login forms, syncing across devices, and alerting you if any of your passwords have been compromised in a data breach.
Some popular password managers in 2026 include 1Password and Bitwarden. When choosing the right one for you, consider factors such as ease of use, pricing, and security features.
With strong, unique passwords and a manager to keep track of them, you’ve already put yourself ahead of most people online. But passwords alone aren’t the full picture. In Part 2, we’ll cover how to protect your accounts even when a password is stolen, and how a new technology called passkeys is quietly making passwords obsolete.