What Makes a Good Password? (And Why It Matters More Than Ever)

Cybersecurity password advice context of Iran war hacking March 2026

When a pro-Iranian hacking group claimed to have broken into the personal email account of the FBI Director in March 2026, the story prompted a wider question that affects everyone who uses the internet: how secure are our own accounts? Cybersecurity experts say that most successful attacks do not use sophisticated hacking techniques.

Instead, they exploit simple human habits — using weak passwords, reusing the same password for multiple accounts, or clicking on phishing emails. So what makes a good password?

Experts recommend passwords that are at least 12 characters long. They should contain a mixture of upper and lower case letters, numbers, and symbols like !

or @. They should not contain your name, birthday, or common words.

Even better than a complex password is a passphrase — a series of random words strung together, like 'purpleelephantcoffeerain'. This is long enough to be very secure but easier to remember than a random string of characters.

Additionally, you should never use the same password for different accounts. If one account is hacked, all others with the same password are immediately at risk.

A password manager can help — it stores all your different passwords safely and generates new ones automatically. Finally, enable two-factor authentication (2FA) wherever possible.

This means that even if someone has your password, they also need a second piece of evidence — usually a code sent to your phone — to access your account.