Updated on 5/25/2026

The rise of the technological era, which has led us to store much more information digitally, and the need to keep that information protected have made passwords a requirement for almost any online activity. From something as trivial as a blog subscription to using online banking and shopping through e-commerce stores, the use of secure passwords has become fundamental for protecting personal data.
That's why, below, we explain the steps you should follow to create secure passwords. Let's get started!
Passwords are the first line or measure of security for any identity, whether for logging into an email account, social network, or even your company's banking portal. A secure password reduces the risk of being easily compromised, making your information much safer.
Before we tell you step-by-step how to create secure passwords, here are 3 key tips you should always keep in mind before you start:
Using data like your birth date, a nickname, your pet's name, or the street you live on makes your password more vulnerable, as this information might be available on your social media or a public website. In other words, it's information a hacker can easily obtain.
The more characters a password has, the harder it will be to decipher and, therefore, the higher its security level. Generally, it's recommended that passwords have at least 10 or 12 characters.
Each of your platforms or accounts should have a different and unique password. This way, even if a hacker manages to decipher one of your passwords, they won't be able to access all your information. It's a measure that helps mitigate the impact of a cyberattack.
Now that you know the characteristics of a good password, we'll explain how you can create a new secure password in just 4 steps:
The first thing you should do is choose a phrase with a minimum length of 10 characters that people close to you don't know. A good option is to take a saying or proverb, such as «el que nace pa' tamal, del cielo le caen las hojas», and choose the first letter of each word to get a series of random characters: «eqnptdclclh».
Another very useful option is to choose a passphrase. These are phrases composed of a series of random words that are unrelated to each other, which makes them very difficult to decipher but, at the same time, very easy to remember due to how uncommon it is to mix them. For example, the words «zebra», «ten», «enormous», and «Saturday» could be used.
This is a requirement on most websites, and it's as simple as including special characters (like “¿” and “#”) and numbers at the beginning, end, or in the middle of the phrase you've already chosen. Following the previous examples, the passwords could become «51eqnptdclclh#!» and «cebra+diez10enormesabado€7» (the second is built from the Spanish words for zebra, ten, enormous, and Saturday).
You can also use these characters to replace some of the letters in the phrases. However, it's important to avoid obvious character substitutions, such as replacing the letter «O» with the number zero, as these substitutions are already known by most hackers and programs used for brute-force attacks and are easy to decipher.
Although passwords like these are the most secure, most people find them very difficult to remember and annoying to type (especially on a phone). Therefore, it is advisable to use a password manager, as we will explain later.
It is also advisable to use combinations of uppercase and lowercase letters. Following the previous examples, they would look like this: «51EqnptdClclh#!» and «ceBra+diez10enorMesaBado€7».
At this point, the passwords already have a fairly robust level of security, and while that doesn't mean they are impossible to decipher, it does imply that it will take a hacker a very long time to do so.

An additional step you can take is to check if the password you created is secure enough. For this, you can use online tools like the one offered by Bitwarden, which securely and freely measures the password's «strength» or security level.
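A local version of such a check, as an added example that is not from the original article or from Bitwarden: it applies the tips above (length, character types, no personal data) and undoes the obvious substitutions before looking for common words. The word list, the substitution table, the 12-character minimum and the function names are assumptions made for this example.

```python
import re

# Constructed stand-in for a real common-password list (assumption for this example).
COMMON_WORDS = {"password", "qwerty", "welcome", "dragon", "admin", "iloveyou"}
# Obvious substitutions; one letter per symbol here, real tools try every variant.
UNDO_SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 12  # the article suggests at least 10 or 12; the stricter value is used
# Lower case, upper case, digit, special character: the article asks for all four.
CHARACTER_TYPES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(text):
    """Lower-case, undo the obvious substitutions, keep only a-z."""
    return re.sub(r"[^a-z]", "", text.lower().translate(UNDO_SUBSTITUTIONS))


def check_password(password, personal_data=()):
    """Return the list of problems found; an empty list means all checks passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(t, password) for t in CHARACTER_TYPES):
        problems.append("missing a character type")
    plain = normalize(password)
    if any(word in plain for word in COMMON_WORDS):
        problems.append("common word behind substitutions")
    lowered = password.lower()
    for item in personal_data:
        raw, token = item.lower(), normalize(item)
        # Match the item as typed (dates, numbers) or with substitutions undone.
        if (len(raw) >= 3 and raw in lowered) or (len(token) >= 3 and token in plain):
            problems.append("contains personal data")
            break
    return problems


if __name__ == "__main__":
    # Constructed samples; the second is the article's own worked example.
    for candidate in ("P@ssw0rd2024!", "51EqnptdClclh#!", "Luna1990"):
        print(candidate, check_password(candidate, personal_data=("Luna", "1990")))
```
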
Controls from standards like ISO 27001 require creating secure password policies to comply with certification.
Now that you know how to create secure passwords, here are some ideas with these examples.
V@C5kTLD!
Once you've created a secure password, it's important to know how to keep it protected. Here are some tips:
Regularly updating your most important passwords (like those for online banking, bill payments, or email) is a practice you should maintain. This way, even if someone manages to get your password, changing it will force them to figure out the new one to regain access to your information.
You are the only person who should know your passwords. Sharing them with others carries the risk that they might not protect them adequately, making them vulnerable to cybercriminals. Furthermore, the person you share them with could use them for malicious purposes. It's especially important never to send passwords through unsecured communication channels, such as emails or text messages, as these can be intercepted by third parties.
In companies, there are often accounts, applications, and other platforms that require shared access, meaning multiple people need to know the login password. In these cases, it's ideal for passwords to be managed by a select group of individuals who are responsible for updating and protecting them.
Password managers are extremely useful tools that work by encrypting all the information they store and are responsible for remembering your passwords for you. The only password you'll need to remember is the master password, which grants you access to the manager and, consequently, to all the passwords you've saved in it.
Many password managers also function as generators of random, secure passwords that update periodically without you having to request or review them. Among the most secure password managers on the market are Keeper Security and Bitwarden.
Two-factor authentication is an additional identity verification step performed once the entered password is confirmed as correct. It involves using an alternative identification method, usually external to the platform you wish to access, such as biometrics (fingerprints, facial recognition, etc.), email, a text message to your mobile phone, or an authenticator app (an application that generates random codes periodically).
It's important to use this type of protection whenever possible, because even if a cybercriminal manages to decipher your password, it's unlikely they'll be able to fulfill the second authentication factor.
Wherever you store your passwords, it's ideal that they remain inaccessible to others. For example, if you write them down on paper (which is not highly recommended), it should be in a place only you can access.
Cyberattacks are a growing reality. Remote work has been the main trigger for the increase in cyberattacks in recent years, as many companies have not managed to develop strategies to maintain the security of both personal and business information.
In this context, strong passwords are an essential barrier that prevents cybercriminals from accessing confidential information, including personal data, email and social media accounts, business information, among others.
It's important to note that small and medium-sized enterprises (SMEs) and startups are primary targets for cyberattacks. This is mainly due to a lack of information regarding cybersecurity and the use of short or easily decipherable passwords, which leaves the door open for hackers to get their hands on valuable information.
Some of the most common ways a hacker can crack a password include:
In this scenario, the cybercriminal uses malicious software that tries all possible character combinations until the password is cracked. This isn't as simple as it sounds, as it can take a long time, which is why it's not the most common method. However, it is effective for cracking short passwords.
In 2025, Blackfog identified a brute-force attack that used over 2.8 million IPs to target VPNs, firewalls, and edge devices from providers like Palo Alto Networks, Ivanti, and SonicWall.
Phishing attacks are one of the most commonly used methods. The hacker creates a platform (such as a bank's website or a social media site) that looks very similar to the official one, and when the user enters their data, it is received by the hacker.
It's a type of malware that installs unwanted applications that sometimes include malicious functionalities, such as adding strange search bars in browsers or setting homepages the user never chose, among other things. Most frequently, they manage to extract the passwords stored in those browsers.
Additionally, there is a type of spyware known as keyloggers that is capable of recording all keystrokes on an infected computer's keyboard to decipher passwords.
Once a company is hacked, the data obtained (including passwords) can be published online, sold on the Dark Web, or used for extortion or to demand payments, among other malicious purposes. This information is exploited by other hackers, as it's common for old passwords to be recycled for new purposes, or for the same password to be used for multiple accounts.
We know that as a startup or SME, many cybersecurity details are often overlooked or unknown, password protection among them. Creating complex and secure passwords is particularly important, as is using tools that help manage them and keep them hidden from others. Not having secure passwords creates a major vulnerability for businesses.
That's why, at Delta Protect, we offer solutions like managed services for password managers, to keep your company's information secure.

Cybersecurity researcher and information technology professional with a strong focus on privacy and digital rights. As an Ethical Hacker and Purple Teamer, developing and implementing security controls and assessments based on real threats (“Threat-informed defense”), maximizing operational efficiency and cost-effectiveness. Specializing in Cloud and infrastructure technologies, including architecture, assessments, best practices, deployments, and operational security.