Passwords are the lifeblood of data and online security, but our research on password habits in the U.S. shows that less than half of Americans feel confident that their password is secure. Is your password secure? We built this password checker tool to help you find that out yourself, so try it out now!
Pro Tip: We recently rolled out a new password generator tool that will help you create super secure passwords in a snap!
What Makes a Good Password?
- A password should be at least 12 characters long (ideally 16 characters or more); our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords.
- A password should include a combination of letters (both uppercase and lowercase), numbers, and special characters.
- You must have a unique password for each online account.
- A password shouldn’t include any of your personal information like your birthday or address, as identity theft and data breaches can compromise such information. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
- A password shouldn’t contain any consecutive letters or numbers (e.g., ABCD, 1234, etc.).
- A password shouldn’t be the word “password” or the same letter or number repeated.
Why Is Password Security Important?
Not having secure passwords has its consequences, which include but are not limited to:
- After gaining access to a user’s credentials, many hackers will log into their accounts to steal more of their personally identifiable information (PII) like their names, addresses, and bank account information. They will use this information either to steal money from the user directly or to steal their identity. Identity theft can result in further financial losses or difficulty getting loans or employment.
- A hacker breaking into your accounts due to a weak password can compromise your privacy. For example, if you don’t change the default password of your IP security cameras, hackers may be able to log into your user account and watch you in your own home.
- For businesses, hackers can start disinformation campaigns against companies, sharing their data with competitors and holding it for ransom [1].
The Impact of Stolen Passwords
Compromised passwords caused 80 percent of all data breaches in 2019 [2], resulting in financial losses for both businesses and consumers.
Impact on Businesses
- Internationally, the average cost of a data breach in 2020 for businesses was $3.86 million, according to IBM. However, for the U.S., the average cost was the highest worldwide at $8.64 million [3].
- In the manufacturing industry specifically, malware that stole credentials and dumped passwords created 922 cybersecurity incidents in 2020. 73 percent of these incidents were motivated by financial incentives, while for the other 27 percent the motive was espionage [4].
| Top Data Compromised | Percent of Manufacturers With Data Breaches in 2020 | 
|---|---|
| Credentials | 55% | 
| Personal | 49% | 
| Payment | 20% | 
| Other | 25% | 
- If companies have a data breach caused by stolen credentials, they can lose up to three percent of their overall market value long-term. For the retail industry, this loss triples to nine percent within only 30 days of the breach announcement. According to researchers from the University of North Carolina’s Kenan Flagler Business School, this increase is due to the fact that retail customers are less brand loyal than consumers in other industries [5].
Impact on Consumers
Customers’ PII-related data is the most valuable data type that hackers can extract from security breaches, costing $150 per record according to IBM’s 2020 Cost of Data Breach Report.
The FTC reports that in 2019, losses from identity theft, which can be caused by stolen passwords, totaled $92 million. The median loss from identity theft for consumers was $894 [6].
Other Ways To Protect Yourself Online
Aside from creating secure and unique passwords for all web accounts, there are other best practices to increase one’s digital security.
- Use a VPN: While passwords keep unauthorized users out of accounts, Internet Service Providers can still track a user’s online activity as well as their devices’ private IP addresses. The only way to hide web activity and IP addresses is to connect not directly to a public Wi-Fi network, but instead to a VPN, which stands for Virtual Private Network. Learn more about some of the best VPNs such as NordVPN, all tested by our digital security experts.
- Get identity theft protection: While a strong password can go a long way in protecting online accounts, there’s no single action that can protect a user’s personally identifiable information from identity theft. Rather, top identity theft protection software monitors key criminal and financial areas for users’ personal information.
- Use antivirus software: The best antivirus software can scan computers, phones, and tablets for malware, ransomware, viruses, spyware, and other cyber threats.
- Use a password manager: The best password managers store users’ usernames and passwords in encrypted vaults, requiring only master passwords or biometrics to log into accounts. Memorizing dozens of secure passwords is tedious, so we strongly recommend using a reliable password manager to store all your passwords.
- Only change passwords when needed: While digital security experts used to recommend changing passwords at regular intervals, it’s a myth that doing so keeps your accounts more secure. The prevailing thinking now among experts like ourselves is that if you change your password often, there’s a greater chance you’ll use weaker passwords that are easier to remember or fall into a pattern that will make your passwords more predictable. Rather, it’s only necessary to change passwords if the account itself is compromised.
How Our Tool Works: Methodology
Our “how secure is your password” tool above checks users’ passwords against a database of common weak passwords. It evaluates each password based on key factors such as:
- Number of characters: The password should have at least eight to 10 characters, but 16 to 20 characters is ideal.
- Combinations: The password should include a combination of letters, numbers, and symbols rather than a phrase. Each character has an associated numerical value, and these values are summed to create a grand total.
- Uniqueness: The password shouldn’t repeat the same characters; it should use unique combinations instead.
Using these factors, the tool scores each password and converts this score into the amount of time it would take a computer to crack this password. For example, the password “f0JB^B5sjmXl” would take a computer 34,000 years to crack.
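The sketch below is an added example, not the code behind our tool: it applies the rules from "What Makes a Good Password?" (blocklist, 12-character minimum, all four character classes, no runs or repeats) and turns the result into an upper-bound crack-time estimate. The blocklist is a constructed sample and the guess rate is an assumption, so its numbers will not match the figures quoted on this page.

```python
import math
import string

# Constructed sample blocklist (the five passwords this page names);
# a real checker would load a large breached-password list instead.
COMMON = {"123456", "123456789", "picture1", "password", "12345678"}
GUESSES_PER_SECOND = 1e10  # assumption: offline attack on a fast hash
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # 26 + 26 + 10 + 32 = 94

def pool_size(pw):
    """Alphabet size an attacker must search, given the classes used.
    Characters outside printable ASCII are not counted (simplification)."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def has_run(pw, n=4):
    """True if pw contains n ascending neighbours (abcd, 1234) or n repeats."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}):
            return True
    return False

def check(pw):
    """Return rule findings plus an upper-bound entropy and crack time."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("common")
    if len(pw) < 12:
        findings.append("short")
    if pool_size(pw) < 94:
        findings.append("missing-class")
    if has_run(pw):
        findings.append("run")
    # Upper bound: treats every character as chosen uniformly at random.
    # A blocklisted password is guessed first, so it gets zero bits.
    bits = 0.0 if "common" in findings else len(pw) * math.log2(pool_size(pw) or 1)
    seconds = 2 ** bits / 2 / GUESSES_PER_SECOND  # on average, half the space
    return {"findings": findings, "bits": round(bits, 1), "seconds": seconds}

if __name__ == "__main__":
    for sample in ("password", "abcd1234", "f0JB^B5sjmXl"):
        print(sample, check(sample))
```

The entropy figure is only meaningful for randomly generated passwords; a human-chosen phrase of the same length and character mix is far easier to guess than the estimate suggests.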
Frequently Asked Questions
For more information on password security and hygiene, we’ve answered the questions we get the most often.
- What is the most secure password?
  There’s no one password that is the “most secure”, and if there was, to write it here would make it insecure, as thousands of people would use it on their accounts. Rather, secure passwords contain a seemingly random combination of numbers, letters and symbols and include at least 16 to 20 characters.
- What is an example of a secure password?
  An example of a secure password is bL8%4TO&t9b%, generated by the password manager LastPass, which would take a computer 46 million years to crack!
- How secure is a 12 character password?
  A 12 character password is somewhat secure; however, the most secure passwords are 16 to 20 characters long.
- Are long passwords more secure?
  Long passwords are more secure than short passwords. We recommend using passwords that are anywhere from 16 to 20 characters long, although nearly half of Americans use passwords of eight characters or fewer.
- What are the five most common passwords?
  The five most common passwords are 123456, 123456789, picture1, password and 12345678, according to 2020 research from NordPass.

| Password | How Many People Use It? | How Much Time Did It Take To Crack? | How Many Times Has It Been Exposed? |
|---|---|---|---|
| 123456 | 2,543,285 | Less than 1 second | 23,597,311 |
| 123456789 | 961,435 | Less than 1 second | 7,870,694 |
| picture1 | 371,612 | 3 hours | 11,190 |
| password | 360,467 | Less than 1 second | 3,759,315 |