Generate strong, random passwords instantly. Customise length and character sets to match any security policy.
Strong passwords are your first line of defence. Here is what actually matters — and what most people still get wrong.
A 20-character password made of random words is far harder to crack than an 8-character password with symbols. Modern attacks use billions of guesses per second and length is what makes the difference. Aim for at least 16 characters for any account that matters.
When a website is breached, attackers immediately try those credentials on Gmail, banks and social media. This is called credential stuffing and it is the most common way accounts get taken over. One unique password per account, no exceptions.
A reputable password manager (Bitwarden, 1Password, KeePassXC) encrypts your passwords locally or in the cloud. You only need to remember one strong master password. Never store passwords in plain text files, spreadsheets, or browser notes — and never email them to yourself.
The main threats are phishing (fake login pages), data breaches (leaked databases), keyloggers (malware recording keystrokes), and brute force (automated guessing). A strong unique password stops brute force. Two-factor authentication stops the rest.
2FA adds a second verification step — a code from an app like Authy or Google Authenticator — that an attacker cannot access even if they have your password. Enable it on every account that offers it, starting with email and banking.
Visit haveibeenpwned.com — a free service that checks whether your email address appeared in any known data breach. If it has, change the password for that account immediately and everywhere you may have reused it.