The best passwords are long, complicated, and totally unique. Plus, they don’t contain easy-to-guess personal details or popular sayings. To create one that’s complex but still easy to remember, try changing up a familiar phrase by swapping out letters with similar special characters (think @ for a, $ for s). And never use the same password twice.

You probably know that personal details, like your birth date or pet’s name, shouldn’t be used as passwords. With a little research, someone else — like a trained cybercriminal — could easily crack the code.

You may lose access to your email, bank accounts, or social media profiles if a stolen password is used across multiple accounts.

So, what makes for a strong password? Here are our guidelines for password security. 

How to create a strong password

Don’t pull from your personal history – or even from the dictionary — for your passwords

People naturally gravitate to anniversaries, addresses, or family members’ names because they’re easy to remember. But they can also be easy for others to discover with a bit of amateur internet sleuthing.

Every time you use the internet, your digital footprint grows. And as data breaches continue to accumulate, your details may be more exposed than you realize.

So when considering what's a good password to use, it’s smart to avoid referencing anything personal.

Aim for long, complicated, and totally unique passwords

It’s also wise to use the longest password allowed. Most sites cap off password length somewhere between 8 and 64 characters.

For some passwords, you may also be able to add spaces, which add to the character count. 

Just because a password is long, though, doesn’t make it a good choice. When written plainly, easy-to-remember lyrics or phrases aren’t very secure. If you know all the words to a song, others probably do too.

Randomness, then, is key to a good password. And a word or phrase that’s misspelled or nonsensical is even better, as some thieves use programs that try every word in the dictionary, a method known as a dictionary attack.

One good solution: Take a phrase that’s easy to remember, and tweak it to make it harder to guess, like in the examples below.

  • Swap out letters with similar special characters (think @ for a, $ for s) to turn a familiar verse into a stronger password. For example, Wordsworth’s “I wandered lonely as a cloud” becomes “Iw@nderedlonely@$@cloud” — a much stronger password.

  • Use only the first letter of each word in a popular phrase or song. Sheryl Crow’s “All I wanna do / is have some fun / and I’ve got a feeling / I’m not the only one” becomes the more cryptic “AIWDIHSFAIGAFINTOO.”

Don't repeat passwords

Whatever you do, don’t use the same password more than once. That way, if a single account is compromised, your entire identity won’t be up for grabs.

We recommend using different passwords for each online account and changing them regularly (think: every three months) — but we recognize that this can be a lot of work.

Enter a password manager. 

Store your passwords in a password manager 

If the above tips feel like a lot of work, consider a password manager — which can simplify the process of creating strong passwords.

A password manager is an application or web browser that encrypts and stores your usernames and passwords. With a password manager, you can easily manage all of your logins with one single master password.

Many Allstate Identity Protection plans include a password manager. If you're a member, check your account dashboard to see if you have access to this feature, located under the Cybersecurity tab.

With our password manager activated, you'll have access to these features and more:

  • Password keeper with secure encryption

  • Password generator

  • Password strength checker