Most password advice tells you what to do. This page shows you what it actually looks like. Every example below was generated randomly and meets current NIST and CISA recommendations. Use them as reference only — never copy them directly, since any published password is immediately added to attacker wordlists.
What makes a password strong?
Three things: length, randomness, and character variety. A strong password is at least 15 characters long, uses uppercase letters, lowercase letters, numbers, and symbols, and has never been used on another account. Human-chosen passwords almost always fail at least one of these three criteria — usually randomness.
Strong password examples by length
12-character passwords (minimum with MFA)
The floor for most accounts in 2026 when MFA is enabled. Without MFA, 12 characters is not sufficient by NIST standards.
| Example | Character types | Crack time |
|---|---|---|
| kR7#mP2$vL9! | Upper, lower, numbers, symbols | 34,000 years |
| Xq4@nB8&wT6^ | Upper, lower, numbers, symbols | 34,000 years |
| 9Lm#Kp2$Rn7@ | Upper, lower, numbers, symbols | 34,000 years |
15-character passwords (NIST minimum)
Meets NIST SP 800-63B minimum for standalone passwords without a second factor.
| Example | Character types | Crack time |
|---|---|---|
| kR7#mP2$vL9!xBw | Upper, lower, numbers, symbols | 12 billion years |
| Xq4@nB8&wT6^yM3 | Upper, lower, numbers, symbols | 12 billion years |
| 9Lm#Kp2$Rn7@vQ5 | Upper, lower, numbers, symbols | 12 billion years |
16-character passwords (CISA recommended)
The current CISA recommended minimum. The right length for email, banking, and work accounts.
| Example | Character types | Crack time |
|---|---|---|
| kR7#mP2$vL9!xBw4 | Upper, lower, numbers, symbols | 2 billion years |
| Xq4@nB8&wT6^yM3p | Upper, lower, numbers, symbols | 2 billion years |
| 9Lm#Kp2$Rn7@vQ5j | Upper, lower, numbers, symbols | 2 billion years |
20-character passwords (high-value accounts)
For master passwords, crypto accounts, and anything where a breach would be catastrophic.
| Example | Character types | Crack time |
|---|---|---|
| kR7#mP2$vL9!xBw4Nz8@ | Upper, lower, numbers, symbols | Effectively infinite |
| Xq4@nB8&wT6^yM3pKr2! | Upper, lower, numbers, symbols | Effectively infinite |
| 9Lm#Kp2$Rn7@vQ5jTx1& | Upper, lower, numbers, symbols | Effectively infinite |
Strong password examples by use case
Email account passwords
Your email is the master key to every other account. It resets every password you own. Use 16 characters minimum and never reuse this password anywhere else.
| Example | Length | Notes |
|---|---|---|
| mK9#pR2$vL7!xBw4 | 16 | Full character mix, CISA compliant |
| Tz8@nQ5&wM3^yK6p | 16 | No dictionary words, no patterns |
Banking and financial passwords
High-value target. Use 16 characters minimum, enable MFA, and never reuse across accounts.
| Example | Length | Notes |
|---|---|---|
| vL9!xBw4kR7#mP2$ | 16 | Symbols distributed throughout |
| yM3pXq4@nB8&wT6^ | 16 | No sequential numbers or letters |
Password manager master password
This password protects everything else. Use 20 characters minimum. If you need to type it from memory, use a passphrase instead of a random string.
| Example | Length | Notes |
|---|---|---|
| kR7#mP2$vL9!xBw4Nz8@ | 20 | Random, no memorizable pattern |
| correct-horse-battery-staple-7! | 31 | Passphrase — easier to type, equally strong |
Passwords for sites that block symbols
Some legacy systems only accept letters and numbers. Compensate with extra length — add at least 4 characters beyond your normal minimum.
| Example | Length | Crack time |
|---|---|---|
| kR7mP2vL9xBw4Nz8 | 17 | Trillions of years |
| Xq4nB8wT6yM3pKr2 | 16 | 2 billion years |
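How passwords of this shape can be produced, and how much length a letters-and-digits site costs, as an added example (not this site's generator). The function names are illustrative, and the entropy figure assumes every character is drawn uniformly from the operating system's CSPRNG. For the lengths on this page, the symbol-free equivalent comes out 2 to 3 characters longer, so the 4-character rule above covers it.

```python
import math
import secrets
import string

# Character classes named on the page: upper, lower, numbers, symbols.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "symbols": string.punctuation,  # the 32 printable ASCII symbols
}


def alphabet(allow_symbols=True):
    """Return the character classes in play for this site."""
    return [chars for name, chars in CLASSES.items()
            if allow_symbols or name != "symbols"]


def generate(length, allow_symbols=True):
    """Draw every character from the OS CSPRNG; redraw until each class appears."""
    classes = alphabet(allow_symbols)
    pool = "".join(classes)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets.choice is uniform: no modulo bias, no fixed class positions.
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


def entropy_bits(length, allow_symbols=True):
    """Upper bound on entropy: length * log2(pool size), for uniform draws."""
    return length * math.log2(len("".join(alphabet(allow_symbols))))


def symbol_free_length(length):
    """Shortest letters-and-digits length matching a full-mix password's entropy."""
    target = entropy_bits(length, allow_symbols=True)
    return math.ceil(target / math.log2(62))


if __name__ == "__main__":
    for n in (12, 15, 16, 20):
        print(n, generate(n), f"{entropy_bits(n):.1f} bits,",
              "symbol-free equivalent:", symbol_free_length(n), "chars")
```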
Weak vs strong: side by side
Every weak example below appears in real attacker wordlists. These are the first passwords cracking tools test.
| Weak password | Why it fails | Strong equivalent |
|---|---|---|
| Summer2026! | Dictionary word + year + symbol = predictable pattern | kR7#mP2$vL9!xBw4 |
| P@ssw0rd | Common substitution — in every cracking wordlist | Xq4@nB8&wT6^yM3p |
| john1987! | Name + birth year + symbol — attackers test these using public info | 9Lm#Kp2$Rn7@vQ5j |
| 123456789 | Sequential numbers — cracked in under 1 second | mK9#pR2$vL7!xBw4 |
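A signup or password-change form can reject these patterns before they are ever stored. The check below is an added example, not code from this site: `BASE_WORDS` is a small constructed stand-in for a real blocklist, and the function names are illustrative.

```python
import re

# Constructed stand-in for a real blocklist (breach corpus, dictionary, names).
BASE_WORDS = {"summer", "password", "john", "winter", "welcome", "admin"}

# Look-alike substitutions, mapped back to the letters they replace.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t"})


def is_sequence(s):
    """True if s is 4+ characters that all step by +1 or all step by -1."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def weaknesses(password):
    """Return the reasons a password matches the weak patterns in the table."""
    reasons = []
    lowered = password.lower()
    if is_sequence(lowered):
        reasons.append("sequential characters")
    # Split off the suffix people append: trailing digits and symbols.
    match = re.fullmatch(r"(.*?)([\d\W_]*)", lowered)
    stem, suffix = match.group(1), match.group(2)
    if stem in BASE_WORDS:
        reasons.append("dictionary word or name")
    elif stem.translate(LEET) in BASE_WORDS:
        reasons.append("common substitution of a dictionary word")
    if stem and re.search(r"(19|20)\d\d", suffix):
        reasons.append("year appended")
    return reasons


if __name__ == "__main__":
    # The four weak rows from the table, then one of its strong-format rows.
    for pw in ("Summer2026!", "P@ssw0rd", "john1987!", "123456789",
               "kR7#mP2$vL9!xBw4"):
        print(f"{pw:18} {weaknesses(pw) or 'no listed pattern'}")
```

An empty result only means none of these four patterns matched; it does not replace a lookup against a full breached-password list.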
Never use these examples for your actual accounts
Every password on this page is now public. Any published password gets added to attacker wordlists immediately. Use these as a format reference only.
Generate your own unique password — free, client-side, no tracking. Your password never leaves your browser.
Frequently Asked Questions
Can I use these password examples for my accounts?
No. Any password published online is immediately added to attacker wordlists. These examples show you the format and structure of a strong password. Generate your own unique version using the tool above.
What is an example of a very strong password?
A very strong password is 16 or more characters long, uses all four character types (uppercase, lowercase, numbers, symbols), and was generated randomly. Format example: kR7#mP2$vL9!xBw4 — generate your own, never copy this one.
What is a strong password with numbers?
A strong password distributes numbers throughout rather than appending them at the end. k7R#m2P$v9L!x4Bw has numbers at positions 2, 7, 10, and 14. Avoid patterns like "password123" — cracking tools test end-appended numbers first.
How do I make a strong password I can actually remember?
Use a passphrase: 4 or more random words connected by symbols or dashes. correct-horse-battery-staple-7! is 31 characters, effectively uncrackable, and memorizable. Use the passphrase generator to create one.
What is a strong 8-character password example?
8 characters is not strong by 2026 standards — a modern GPU cracks it in 39 minutes. If your system forces 8 characters, use all four character types: kR7#mP2$. Always use the maximum length the system allows and enable MFA to compensate.
How is a strong password different from a secure password?
They mean the same thing. A strong password is long, random, and unique. Security requires all three — length alone is not enough if the password follows a predictable pattern, and randomness alone is not enough if the password is reused across accounts.