Strong Passwords Without the Headache

Lesson 2 · taught by Pip

Most of us were taught that a "strong" password means a tangle of symbols, capital letters, and numbers. That advice is half-right and exhausting. The part that actually protects you is simpler than it sounds.

Here is the plain idea: length matters more than weird symbols. A long password takes far longer for a computer to guess than a short one stuffed with $ and !.

Think of it like a combination lock. A 3-digit lock has a thousand possible codes — patient hands could try them all. A 6-digit lock has a million. Each extra slot doesn't just add a little; it multiplies the work. Adding more length to a password works the same way: every extra character makes the pile of guesses dramatically bigger.

Length beats complexity

Computers don't guess passwords the way a person would. They try millions of combinations per second. Against that kind of speed, P@ss1! falls quickly — it's short, and the swaps are predictable. But a passphrase like purple-otter-lighthouse-coffee is long, and length is exactly what a fast guesser struggles with. 🔦

A good trick is to string together four or five random everyday words. Pick ones that don't naturally go together, so the phrase isn't a famous quote or a line anyone could predict. It's long, it's easy for you to picture, and it's hard for a machine to grind through. You can sprinkle in a number or a capital if a site demands it, but the real strength is the length you already built.

Reusing one password is the real danger

Here's the part most people miss. The biggest risk usually isn't that someone cracks your password — it's that you used the same one everywhere.

Companies get breached. When that happens, the email-and-password pairs they were holding can leak out. Attackers then take that one leaked pair and quietly try it on dozens of other sites — your bank, your email, your shopping accounts. If you reused that password, one break-in becomes many.

Picture a building where every door — front gate, apartment, mailbox, storage — opens with the same key. Lose that one key and a stranger has the whole building. Give each important door its own key, and a single lost key opens only one room.

So the goal isn't a single perfect password. It's a different password for each account that matters.

Which accounts matter most

You don't need to memorize a hundred unique passphrases by hand. Focus your effort on the accounts that unlock everything else:

• Your email — because password resets for other sites get sent there.
• Your bank and money apps.
• Anything with your saved payment details.

Make those long, unique, and memorable first. We'll cover an easier way to handle all the rest in the next lesson.

Your turn

Pick your main email account today. Change its password to a passphrase of four or five unrelated everyday words — something you can picture but no one could guess. Then ask yourself one honest question: do you use that same password anywhere else? If yes, that's your next one to change.

Next, we'll meet the tools that remember all these unique passwords for you — password managers and passkeys — so you never have to. 🐙