How secure is your password? Your step-by-step guide to creating strong passwords

We all use passwords pretty much daily. But because of that familiarity we can also become a touch overconfident and might not think too much about how secure they are.

Passwords are often the only thing standing between your business and a major data breach. So, how strong is your password really?

Here’s all you need to know about creating truly strong passwords that hold up under pressure, the signs of a weak one, and why length matters.

You can also download our free toolkit designed to help you and your team put it into practice.

How do I check if my password is strong?

The quickest way to test it is by using a reputable online password strength checker. These give you an instant assessment about how long it would take a hacker to crack it—often measured in seconds or years.

A strong password is long, unique, and unpredictable, making it challenging for anyone (or anything) to guess. It’s not based on personal information, doesn’t follow an obvious pattern, and isn’t reused across accounts.

A weak one? Think "password123" or common words–easily cracked by even basic attacks.

How strong should a password be?

The short answer is stronger than you think. Look for:

• Length: At least 12–16 characters – each one increases the number of possible combinations exponentially, making it much harder to crack.

• Complexity: A mix of upper- and lower-case letters, numbers, and special characters.

• Originality: No guessable words, keyboard patterns, or names–even with substitutions like ‘myp@rtn3r’ instead of ‘mypartner’.

• Uniqueness: A different password for every login. If one service is breached, everything with the same password can fall in a domino effect.

One simple way to stick to these rules is to use a password manager. It can store and generate strong, unique logins for every account, so people don’t have to remember them all.

If you're even asking, ‘is my password safe?', it probably isn’t.

What does a weak password look like?

It often looks painfully obvious. Think "admin," "qwerty," or "CompanyName123." These usual suspects are found on lists of the most common passwords, and often the first ones hackers try.

Statistics consistently show these simple patterns are responsible for a huge chunk of successful cyberattacks. In fact, despite all the warnings, almost a third (31%) of the most popular passwords consist of number sequences, including 2024’s worldwide champ, ‘123456’.

Other predictable patterns include seasons, birthdays, pets, or partners, with the latter three often easily findable on social media.

What is the 3-word password rule?

The 3-word password rule recommends combining three unrelated words to create a password that’s both long and easy to remember.

For example, Dog-Coffee-Banana or CupFuzzyWorld.

The benefit is simplicity. It creates a long password without resorting to strings of symbols you’ll forget. It also means people are less likely to reuse or write them down.

But is it secure? Yes, if it’s done properly.

• No famous quotes.

• No real-world links to your personal or professional life.

• No linked words like BlueSkyThinking. And you can still add a few extra numbers or symbols to make it even tougher for attackers.

“How secure are my passwords?” is a question every business should be asking regularly. Strong passwords are about mindset as much as mechanics. And if you’re leading a business, that culture starts with you.

Whether you’re rethinking your approach or just want a sense check on what you’ve already got in place, our free downloadable toolkit can help you build a strong password policy your whole team can follow in just 6 steps.

But password strength is only part of the picture. From phishing emails and bad practice to unsecured Wi-Fi, today’s threats don’t stop at guessable logins.

We’ve created a series of practical guides on everything from common cybersecurity mistakes and how to stay safe with hybrid working.

You’ll also find resources on how to spot and prevent cyberattacks and antivirus and malware protection to help train your team and build a more resilient business.

Want more help strengthening your passwords or like to learn more about cybersecurity across the board? Our V-Hub Digital Advisers are here to help.