Cybersecurity 101: How to Create Strong Passwords and Use a Password Manager
Do your online account passwords look like this?
lR%$!21Ih8iU0UP!9%hv*jk06tR8Cu
If not, it’s time to rethink your security. Weak or reused passwords make it easy for hackers to break into your accounts. A password manager lets you create strong, unique passwords effortlessly, all protected by one master password you remember. It’s the simplest way to take control and lock down your online life. Ready to upgrade your security? Let’s get started.
What Makes a Strong Password
A strong password is impossible to remember. It should be:
- At least 20 characters long.
- Random, not based on dictionary words.
- A mix of uppercase, lowercase, numbers, and symbols.
- Unique to each account.
Examples of strong passwords:
WvHd@fp2BHWB*N44vm3C7TuAx#Ct*@
M4#^dXL%ckMTmQQAxQ@TWfYye5Ds@k
Why Use Strong Passwords and Managers
Strong Passwords
- Enhanced Security
  Strong passwords are difficult to guess or crack using brute force or dictionary attacks, significantly reducing the risk of unauthorised access.
- Protection Against Data Breaches
  Using unique, complex passwords prevents attackers from compromising multiple accounts if one password is exposed.
- Reduced Risk of Identity Theft
  Strong passwords protect personal and financial information, lowering the chances of fraud and identity theft.
- Compliance with Security Standards
  Many organisations and services require strong passwords to comply with security policies and regulations.
Password Managers
- Simplified Access
  Securely stores and autofills passwords, removing the need to memorise or manually type them.
- Strong, Unique Passwords
  Generates random, complex passwords for each account, preventing reuse and improving security.
- Secure Data Storage
  Stores other sensitive items (such as PINs, ID numbers, software keys, and secure notes) in encrypted form.
- Central Management
  Keeps all your passwords organised, up to date, and accessible in one encrypted vault.
- Phishing Protection
  Autofills only on the correct websites, reducing the risk of entering credentials on fake or malicious sites.
- Breach Alerts
  Monitors your saved credentials and alerts you if any appear in known data breaches.
- Secure Backup and Sharing
  Provides encrypted options to share credentials safely and recover them if needed.
- Cross-Device Sync
  Syncs passwords across desktops, laptops, and smartphones for seamless access.
How a Password Manager Works
Think of a password manager as a digital vault. It stores all your passwords in one secure, encrypted place. You only need to remember one strong master password to unlock it. Here’s how it works:
1. Create One Master Password
You do not have to change your master password periodically. Just make it strong and use it only for your password vault.
- This is the only password you need to remember. It’s used to unlock your password vault.
- Make it a long passphrase: use 5 random words.
Examples of strong master passwords:
Imposing-Preface-Strategic-Lung-Junkie1
Landmark7-Congested-Atlas-Lion-Subduing
2. Manager Encrypts Your Vault
Your passwords are encrypted on your device before they’re ever saved or synced. No one, not even the password manager company, can read them without your master password.
3. Save Passwords Inside the Vault
Each time you create or log into a new account, your password manager can:
- Generate a strong, unique password for you.
- Save it securely.
- Auto-fill it next time you log in.
4. Sync Across Devices
Most managers let you access your vault on your phone, laptop, tablet, or even through a web browser with the same master password.
5. Log in with One Click
Next time you visit a website, your manager recognizes it and autofills your login with the correct credentials. Fast, easy, and secure.
How Passwords Get Hacked
Understanding how passwords get hacked helps explain why strong passwords and a password manager are so important.
1. Brute-Force Attacks
A brute-force attack is one of the most common methods hackers use to crack passwords. In a brute-force attack, an attacker uses automated software to try every possible combination of characters until they find the correct one.
How Does It Work?
- The software starts with simple passwords and gradually increases the complexity.
- It tests all combinations: numbers, letters, symbols.
Brute-force tools can test billions of password combinations per second, making weak passwords an easy target. The longer and more complex the password, the harder it becomes to crack.
Estimated cracking times:
Password Length | Numbers Only | Lowercase Letters | Mixed Case + Numbers | Mixed Case + Numbers + Symbols |
---|---|---|---|---|
8 | < 1 second | < 1 second | ~1 minute | ~22 minutes |
10 | < 1 second | ~1 second | ~2 hours | ~1 week |
12 | ~1 second | ~1 minute | ~3 days | ~3 years |
16 | ~1 hour | ~5 hours | ~400 years | ~1 billion years |
20 | ~10 years | ~100 years | ~10 million years | ~trillions of years |
30+ | Practically uncrackable | Practically uncrackable | Practically uncrackable | Practically uncrackable |
Pro tip: use 30+ characters for maximum security.
2. AI-Powered Guessing
Hackers use artificial intelligence to crack passwords more effectively. AI can:
- Learn patterns in human-made passwords.
- Guess likely combinations from past breaches.
- Exploit password hints and personal data from social media.
That's why it's critical to use strong, random passwords that don't follow recognizable patterns or common phrases.
What is 2FA?
Two-factor authentication (2FA) is a simple but powerful security feature that adds an extra layer of protection to your accounts. Here’s how it works:
- First factor: You enter your usual password (something you know).
- Second factor: You enter a code sent to your phone (something you have) or use a special app (like Google Authenticator or Authy).
Even if someone manages to steal your password, they can't get into your account without also having access to your second factor (e.g., your phone).
Many services like email, social media, and banking offer 2FA, and it’s always a good idea to enable it wherever possible.
Frequently Asked Questions
I don’t trust password manager companies.
Good! You shouldn’t blindly trust them. That’s why they use:
- Zero-knowledge encryption: Your data is encrypted before it even leaves your device.
- They can’t see or reset your master password, even if they wanted to.
- You remain protected even if the service were breached.
What if the password manager gets hacked?
If a password manager were hacked, attackers would only get encrypted vaults.
- Without your master password, they can’t read your data.
- You’re safe if:
  - Your master password is long and random.
  - You use two-factor authentication (2FA).
  - You don’t reuse that master password anywhere else.
What if the company shuts down?
No problem. Your data is portable.
- You can export your vault anytime.
- Common formats like .csv or .json work with other managers.
- Switch to another manager easily.
Pro tip: Create an encrypted backup of your vault every few months.
What if I forget my master password?
This is your only real risk, but it's manageable:
- Use a long but memorable passphrase.
- Store a backup copy in a secure physical location.
- Some tools offer recovery kits you can print and securely store.
Once you start using it daily, you’ll naturally memorise it.
Isn’t It Safer to Write Passwords Down on Paper?
It's better than reusing passwords, but not by much:
- You can lose or damage the paper.
- It’s not encrypted.
- It won’t alert you about breaches or help with 2FA.
Password managers are safer, faster, and more reliable.
Can I use iCloud Keychain or Google Password Manager?
Sure, and it’s a good first step. But:
- They’re tied to a single ecosystem (Apple or Google).
- Cross-platform support is limited.
- They lack advanced features like breach alerts, 2FA support, or encrypted backup options.
A dedicated password manager gives you freedom and control across all devices.
Can I use my browser’s password manager?
Safer than nothing, but still risky:
- Less encryption than dedicated managers.
- Vulnerable if your browser gets compromised.
- Doesn’t support secure notes, sharing, or breach alerts.
Use a dedicated password manager for best results.
I’ve never been hacked, so why bother?
That’s what many people think… until it’s too late.
- Cyberattacks often go unnoticed and can affect anyone, not just high-profile targets.
- If you reuse passwords, a single breach can give attackers access to multiple accounts.
- Using a password manager helps you stay one step ahead. It’s about prevention, not cleanup.
Next Steps
Strong passwords and a password manager are essential for online security. If you’re not using them, you’re exposing yourself to unnecessary risk. Too many people and organisations still rely on weak passwords and ignore password managers. Don’t be one of them.
Now is the perfect time to get started:
My top choice: Bitwarden. It’s fast, secure, reliable, user-friendly, and works on any platform.
- Choose a password manager
  Recommended: 1Password, Bitwarden, or Proton Pass.
- Install it everywhere
  Phone, tablet, and computer.
- Enable sync
  Keep passwords accessible across devices.
- Create a strong master password
  Use a long, memorable passphrase. Store it securely.
- Update key accounts first
  Focus on email, banking, cloud storage, and social media.
- Turn on 2FA
  Add an extra layer of protection wherever possible.