What is a secure password in 2017?

Published: 15 November 2017

First and foremost, a secure password is actually kept confidential, without anybody other than its user knowing it. In addition, it consists of at least 12 characters, including symbols from the entire keyboard, and is only used on one platform.

In digital environments, you use unique strings of characters and identifiers in combination your email address or username to verify your identity: these are passwords. However, no matter how sophisticated your passwords are, they only protect your information if you keep them confidential. Therefore, do not disclose them to anybody, not even your loved ones, do not publish them and do not write them down in places accessible to others.

In addition to their confidentiality, truly secure passwords have some technical characteristics as well. This means that a secure password cannot be figured out or cracked, or requires such a considerable amount of time and computing capacity to crack that nobody can, or wants to, dedicate to doing it. Since computing capacities and password cracking methods evolve, you should keep up-to-date with security parameters.

In 2017, your password should consist of at least 12 characters, but the longer it is, the better. It should include upper and lower-case letters, digits and special characters. This means that the characters that make up the password should cover the whole surface of the keyboard. If, for example, you only choose characters from the uppermost row of numbers, the possible combinations can be run with today’s computing capacities in a matter of seconds.

What is surely a bad idea: obvious and repeated

Do not use passwords that are obvious. They should have no clear connection to your personal information, for example, your birthday or family.

They should not consist of consecutive number and/or letters. An international study showed that the most frequently used, and thus most easily guessable, password in the world is 123456, followed by “password”. It can also be presumed that this number combination, along with “jelszo” meaning password, is also frequently used as a password in Hungary.

You should avoid these and, if possible, dictionary entries as well. Have more imagination!

For example, try to come up with your own rule that you can apply to produce a string of characters that seems random to others from an excerpt (e.g. a poem, film quote, etc.). For instance, compared to “c262e1e64c”, “mothertyukja” is stronger and easier to remember (being a combination of the English word “mother” and the Hungarian word “tyúkja”, meaning “hen”) as it requires the use of two dictionaries of different languages. After a little bit of enhancement, “5mother1Tyukja9” can definitely be considered a password of suitable strength.

Do not use the same password on multiple platforms because if your password is cracked in a poorly protected application, the security of your information will be compromised on all other platforms as well. If it seems hard to remember many different passwords, you should consider using password vaults, i.e. an application that keeps all your passwords encrypted behind a master password.

Password assessment

There are sites that promise to assess the level of security of your passwords if you enter them. You should under no circumstances provide your passwords on such platforms. If you still want to know how strong a password you came up with is, you should make up a model version with a similar structure to that of the actual one, but with different character, and test it.


You can find out whether the information associated with your email address was made public during a major data theft incident at

You can read more about the future of password use and competing alternatives at