Search Microsoft Security
Search Microsoft.com

Create strong passwords

Create strong passwords

Strong passwords are important protections to help you have safer online transactions.

Keys to password strength: length and complexity

An ideal password is long and has letters, punctuation, symbols, and numbers.

  • Whenever possible, use eight characters or more.

  • Don't use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.

  • Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.

  • The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."

  • Use the entire keyboard, not just the letters and characters you use or see most often.

Create a strong password you can remember

There are many ways to create a long, complex password. Here are some suggestions that might help you remember it easily:

What to do

Example

Start with a sentence or two.

Complex passwords are safer.

Remove the spaces between the words in the sentence.

Complexpasswordsaresafer.

Turn words into shorthand or intentionally misspell a word.

ComplekspasswordsRsafer.

Add length with numbers. Put numbers that are meaningful to you after the sentence.

ComplekspasswordsRsafer2011.

Test your password with a password checker

A password checker evaluates your password's strength automatically. Try our secure password checker.

Protect your passwords from prying eyes

The easiest way to "remember" passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place.

Common password pitfalls to avoid

Cyber criminals use sophisticated tools that can rapidly decipher passwords.

Avoid creating passwords that use:

  • Dictionary words in any language.

  • Words spelled backwards, common misspellings, and abbreviations.

  • Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).

  • Personal information. Your name, birthday, driver's license, passport number, or similar information.