How to Create a Strong Password
Are your current passwords keeping personal and financial information secure? Check out these password best practices to better protect accounts.
Key takeaways:
- Why password security is critical in today’s connected world and how modern threats have evolved.
- The latest best practices for creating secure passwords, including recommended length and complexity.
- How to make a strong password and strengthen security with passphrases, password managers, and multi-factor authentication (MFA).
- Why password uniqueness matters and how to prevent credential stuffing attacks.
Managing passwords in a connected world
In today’s hyper-connected world, business owners rely on multiple apps and websites to run operations, manage finances, and stay productive. From approving invoices on a bookkeeping app to ordering office supplies online, every task often requires a secure login.
The challenge? Password overload. Most professionals juggle credentials for banking, cloud software, smart devices, and more. A strong password remains critical for protecting sensitive data, but many users still reuse passwords or choose weak ones, putting their business at risk.
The good news: Modern solutions like password managers, multi-factor authentication (MFA), and emerging passkey technology make it easier to stay secure without memorizing dozens of passwords. Implementing these tools is essential for safeguarding financial and personal information.
The value of strong passwords
Hackers and cybercriminals want username/password combinations not only so they can access financial accounts and steal money, but also so they can sell valuable information such as healthcare records, company data, customer information and other personally identifiable information that makes it easy to commit identity theft.
The risk is real: billions of stolen credentials circulate online due to ongoing data breaches. If you’re still using old or weak passwords like “password” or “123456,” your personal and digital banking accounts are easy targets.
As of mid-2025, an estimated 1.8 billion credentials have already been stolen via infostealer malware, a nearly 800% surge compared to the previous year. In June alone, researchers identified a collection of 16 billion login credentials circulating on the dark web. What you can do is check whether your information has been exposed: use trusted tools to see if your email or credentials appear in known breaches.
What makes a strong password?
Once you're ready to protect your finances and level up your password-making skills, there are a few cybersecurity basics to consider in building more secure logins. Consider the following questions about each new password:
To protect your accounts:
- Create strong, unique passwords for every login.
- Avoid personal details like names or birthdays.
- Use a password manager to store and generate secure credentials.
- Enable multi-factor authentication (MFA) or consider passkeys for added security.
- Utilize tools like Identity Theft Protection from Fifth Third to monitor personal information and receive alerts to potential identity threats.
Is your password long enough?
Cybersecurity experts now recommend passwords with at least 12-16 characters for strong protection. Longer passwords are harder to crack, especially when they include:
- Upper- and lower-case letters
- Numbers
- Special symbols
Instead of single words, use passphrases, a string of unrelated words combined with numbers and symbols. Here’s a strong password example:
- Original phrase: The Chicago Cubs won the World Series in 2016
- Secure passphrase: TCCWTWSI2016!
You can also create memorable combinations that aren’t obvious to others. For instance:
- Childhood nickname plus the year: LittleDove1936
- Add a symbol for extra security: LittleDove!1936
Pro tip: Use a password manager to generate and store complex passwords, and enable multi-factor authentication (MFA) or passkeys for added security.
Is your password unique?
Once you’ve landed on a good, strong password that’s easy for you to remember but difficult for others to guess, it’s tempting to use the same password over and over. But even the strongest password becomes a liability if you reuse it across multiple accounts. Why? Because if one account is compromised, say through a social media breach, hackers can use the same password to access your banking, email, and business systems. This tactic, called credential stuffing, is one of the most common cyberattacks today. Using a unique password for each account ensures your other accounts remain secure.
The solution: every account needs its own unique password. If remembering dozens of passwords feels impossible, use a password manager. Popular options like 1Password, Dashlane, LastPass, and KeePass offer secure storage, password generation, and syncing across devices. Many now include free plans and advanced features like zero-knowledge encryption.
Pro tip: Enable multi-factor authentication (MFA) wherever possible, and consider switching to passkeys—a passwordless login method supported by major platforms for stronger security.
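The length, character-mix and uniqueness checks described above can be run over a set of accounts in one pass. The following is an added example, not part of the original article: the account names and passwords are constructed sample data, and the function names are hypothetical. In practice this kind of audit runs inside a password manager rather than over a plaintext list.

```python
from collections import defaultdict

MIN_LENGTH = 12                      # lower bound of the article's 12-16 range
KNOWN_WEAK = {"password", "123456"}  # the two weak examples the article names
ALL_KINDS = {"mixed-case", "number", "symbol"}

def character_kinds(password):
    """Return which of the article's three character kinds are present."""
    kinds = set()
    if any(c.isupper() for c in password) and any(c.islower() for c in password):
        kinds.add("mixed-case")
    if any(c.isdigit() for c in password):
        kinds.add("number")
    if any(not c.isalnum() for c in password):
        kinds.add("symbol")
    return kinds

def audit(credentials):
    """Map each account to a list of findings; an empty list means none."""
    findings = {account: [] for account in credentials}
    accounts_by_password = defaultdict(list)
    for account, password in credentials.items():
        accounts_by_password[password].append(account)
        if password.lower() in KNOWN_WEAK:
            findings[account].append("known weak password")
        if len(password) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        missing = ALL_KINDS - character_kinds(password)
        if missing:
            findings[account].append("missing: " + ", ".join(sorted(missing)))
    # Reuse check: one breached site exposes every account sharing the password.
    for accounts in accounts_by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                others = [a for a in accounts if a != account]
                findings[account].append("reused on: " + ", ".join(others))
    return findings

# Constructed sample data; none of these are real credentials.
SAMPLE = {
    "bank": "LittleDove!1936",
    "email": "LittleDove!1936",
    "bookkeeping": "123456",
    "office-supplies": "vK7#qLm2$Tz9wRpe",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, "->", issues or "ok")
```

The reused password passes every per-password check, which is why reuse has to be tested across accounts rather than one password at a time.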
How often should you change your password?
Using different passwords for different accounts is essential, but what about changing them regularly? For years, experts recommended updating passwords every 90 days. Today, cybersecurity standards have evolved. According to the NIST guidelines, frequent password changes can actually lead to weaker passwords because users often choose predictable patterns.
Modern best practice:
- Do not rotate passwords on a fixed schedule. Instead, change them immediately if there’s a breach, suspicious activity, or if you shared credentials.
- Review your accounts quarterly for unusual activity rather than forcing password changes.
- For critically sensitive accounts like banking or cloud bookkeeping, consider updating passwords after any security alert or major breach, not just by the calendar.
If you want extra peace of mind, you can still set reminders to review your security settings. And remember, the most effective protection comes from unique, strong passwords, combined with multi-factor authentication (MFA) or passkeys, which are quickly becoming the industry standard for passwordless login.
Living in an increasingly connected world means your password may be the only thing standing between your finances, health records, or business data and a cybercriminal. That’s why it’s crucial to take password security seriously, making sure your passwords are long enough, unique enough, and updated when necessary. When you protect your passwords, you protect your identity, your finances, and your business.
Read more from Fifth Third about how to build a stronger, more protected business here, or by contacting your Fifth Third banker.