What The Tech: The key to a strong password
BY JAMEY TUCKER, Consumer Tech Reporter
Most people know their passwords are bad.
They reuse them. Make them too short. Use birthdays, pet names, or the same password with tiny changes across dozens of websites.
And hackers know it too.
Today, most online accounts aren’t hacked because someone “guessed” a password. They’re hacked because passwords were stolen in a data breach and reused somewhere else.
That’s why cybersecurity experts say passwords should be:
• Long
• Unique
• Difficult to guess
• Different for every account
The problem is remembering them all.
Fortunately, there are now a few smarter ways to handle passwords without losing your mind.
The “Secret Formula” for Creating Strong Passwords
One of the easiest ways to create memorable passwords is to start with something already stuck in your brain. Favorite movie titles, songs, books, or quotes work well. For example:
“Back to the Future” and “Raiders of the Lost Ark.”
Take the first letter of each word:
B T T F
R O T L A
Now combine them:
BTTFROTLA
Then strengthen it:
• Replace letters with numbers or symbols
• Use upper and lowercase letters
• Add punctuation somewhere in the middle
Suddenly you’ve got a long password that’s difficult for hackers to crack, but still easy for you to remember because it actually means something to you.
But there’s one important rule: Do not reuse that password across multiple accounts.
Security experts warn that even slight variations of the same password can become a problem if one account gets exposed in a breach. Modern hacking tools and AI systems look for patterns. The safest approach is using completely unique passwords for important accounts like email, banking, and shopping sites.
Password Managers Make This Much Easier
This is where password managers come in.
A password manager stores your passwords securely and can even create strong passwords automatically. There are paid options like 1Password and Bitwarden, but most people already have one built into their devices for free.
Apple users now have the Passwords app.
Google Chrome and Android devices include Google Password Manager.
Microsoft Edge also has built in password storage. Cybersecurity experts say using the password manager already built into your phone or browser is far safer than reusing the same password everywhere.
Modern password managers can:
• Create strong passwords automatically
• Fill them in for you
• Warn you about compromised passwords
• Sync passwords across devices
And they’re protected with Face ID, fingerprints, or your device PIN.
What Are Passkeys?
Now the tech industry is pushing something even newer: Passkeys.
Passkeys are designed to replace passwords completely.
Instead of typing a password into a website, you simply use:
• Face ID
• Your fingerprint
• Or your device PIN
When a website asks if you want to create a passkey, tap yes. The next time you log in, your phone or computer verifies your identity automatically.
The biggest advantage is security. With traditional passwords, scammers can trick people into typing passwords into fake websites. But passkeys only work on legitimate websites, making phishing attacks much more difficult.
There’s also no password sitting on a server waiting to be stolen in a data breach. Apple, Google, and Microsoft are all heavily supporting passkeys now, and more websites are beginning to offer them.
Are Passkeys Perfect?
Not quite.
Some users are confused about where passkeys are stored. Others worry about what happens if they lose their phone or switch from iPhone to Android.
And many websites still make the setup process more confusing than it should be. But cybersecurity experts generally agree: Passkeys are one of the biggest improvements to online security in years.
The Bottom Line
You don’t have to become a cybersecurity expert to protect your accounts.
The biggest improvements most people can make are simple:
• Stop reusing passwords
• Use longer passwords
• Turn on two factor authentication
• Use a password manager
• Start trying passkeys when websites offer them
Because today, the real danger usually isn’t a weak password. It’s using the same one everywhere.
