Password Security Guide — Create Strong Passwords

Weak passwords remain one of the easiest ways attackers compromise accounts. A strong password policy — plus a password manager — dramatically reduces risk.

What makes a password strong?

1. Length — aim for 16+ characters where allowed.
2. Randomness — avoid names, dates and dictionary words.
3. Uniqueness — one password per site or service.
4. No predictable patterns — not Password123! on every account.

NIST and modern security guidance emphasize length over forced rotation of weak passwords.

Common attacks

• Credential stuffing — leaked passwords reused elsewhere.
• Brute force — trying millions of combinations (slowed by rate limits).
• Phishing — tricking you into revealing passwords directly.

Strong random passwords help against brute force; a password manager helps against reuse.

Password managers

Store unique passwords encrypted. You remember one master password; the manager fills credentials per site.

Enable two-factor authentication (2FA) on email, banking and cloud accounts — especially your password manager.

Generating passwords safely

Browser-based generators are fine when:

• Randomness comes from crypto.getRandomValues (not Math.random).
• You copy directly into a password manager.
• You do not transmit the password over insecure channels.

Use MerQPrime’s generator

Our password generator creates cryptographically random passwords with configurable length and character sets — entirely in your browser.

Developers verifying stored credentials can hash test strings with the SHA-256 generator. For API debugging, inspect token payloads with the JWT decoder — never paste production secrets into third-party sites.

Never share generated passwords in chat or email. Store them in a password manager immediately.

Quick checklist

• Unique password per important account
• 16+ characters for email and banking
• 2FA enabled where available
• Password manager in use
• No passwords in notes apps or spreadsheets