A strong password is one which is not easily guessable for an unauthorised user, and should never be told to anyone else. According to the National Cyber Security Centre, a strong password should:
- not be a default password for a given device/piece of software;
- among the most commonly-seen in password data breaches (e.g. 'password', 'hello123');
- be a combination of upper and lower case letters, numbers and keyboard symbols (such as ! @ . # etc);
- be at least 8 characters long, as longer passwords are more difficult to guess;
- not be used for multiple devices or services; and
- not contain guessable words, such your family name, pets name, birthday etc. Plain words can be made more difficult to guess by using different characters, such as @dv150ry_s3rv1ce (based on the word advisory_service). Please note that symbols and punctuation may be more difficult to enter or in different locations on foreign keyboards.
Consider the use of a password manager, which allows you to generate long, complex passwords that are unique for each service without having to remember them all.