Strong passwords protect your digital life by making it much harder for someone to break into your accounts. Your email, school accounts, games, photos, messages, and money apps can all be connected, so one weak password can create many problems. A good password is long, unique, and hard to guess, but still possible for you to manage safely.
Learning this skill helps you make smarter choices online every day.
Password strength is mostly about the number of possible guesses an attacker would have to try. Longer passwords usually add much more security than simply swapping a few letters for symbols. A password manager can help you create and store unique passwords for each account, and two-factor authentication adds another layer of protection.
The goal is to reduce predictable patterns and increase the time and effort needed to break in.
Key Facts
- Longer is stronger: each extra character can multiply the number of possible passwords.
- Password strength estimate: combinations = character set size^password length.
- Entropy measures uncertainty: entropy in bits = log2(number of combinations).
- Use at least 12 to 16 characters for important accounts when possible.
- A passphrase such as River!Pencil7Moon can be stronger and easier to remember than a short random word.
- Use a different password for every account so one data leak does not unlock everything.
Vocabulary
- Password
- A password is a secret string of characters used to prove that you are allowed to access an account or device.
- Passphrase
- A passphrase is a longer password made from several words, often with numbers or symbols added for extra strength.
- Entropy
- Entropy is a measure of how unpredictable a password is, often measured in bits.
- Password manager
- A password manager is an app that creates, stores, and fills in strong unique passwords for your accounts.
- Two-factor authentication
- Two-factor authentication is a login method that requires a password plus a second proof, such as a code from your phone.
Common Mistakes to Avoid
- Using personal information, such as your name, birthday, school, or pet, is risky because attackers can often find or guess it from social media.
- Reusing the same password on many sites is dangerous because one hacked website can give attackers access to your other accounts.
- Making a password short but full of symbols is not enough because length usually increases the number of possible guesses much more effectively.
- Sharing passwords with friends or saving them in plain notes is unsafe because you lose control over who can see or use them.
Practice Questions
- 1 A password uses only lowercase letters, so there are 26 choices for each character. How many possible 6-character passwords are there? Use combinations = 26^6.
- 2 A 12-character password uses 62 possible characters for each position. Write the expression for the number of possible passwords, then estimate whether it is larger than 10^20.
- 3 Two students create passwords: soccer2024 and Blue!River!Cloud!7. Explain which one is stronger and why, using ideas of length, predictability, and uniqueness.