Today\u2019s conversation covers more than just the most secure authentication methods and ways to make strong passwords. We\u2019ll discuss techniques for remembering passwords, and answer the question of why using a password manager in 2025 is a really good idea.<\/p>\n
How to sign in more securely in 2025<\/h2>\n
There are several options for signing in to online services and websites today:<\/p>\n
- \n
- The traditional login-and-password<\/a> combination<\/li>\n
- Logging in with a third-party service<\/a> like Google, Facebook, Apple, etc.<\/li>\n
- Two-factor authentication<\/a> using one of the following methods for verification:\n
- \n
- SMS one-time code<\/a><\/li>\n
- Authenticator app<\/a> like Kaspersky Password Manager<\/a>, Google Authenticator, or Microsoft Authenticator<\/li>\n
- Hardware key<\/a> like Flipper, YubiKey, or a USB token<\/li>\n<\/ul>\n<\/li>\n
- Passkeys<\/a> and biometric authentication<\/a><\/li>\n<\/ul>\n
Naturally, any of these methods can be compromised (for example, by leaving your hardware token sticking out of the USB port of an unattended computer in a public place), or toughened up (for example, by creating a complex password of more than 20 random characters). And so, as the era of traditional passwords isn\u2019t over just yet, let\u2019s try to figure out how we can improve our current standing by coming up with and memorizing an easy-to-remember password.<\/p>\n
How do you remember a complex password?<\/h2>\n
Before answering this question, let\u2019s recall the basic truths about passwords:<\/p>\n
- \n
- Recommended length: 12\u201316 characters.<\/li>\n
- A password should use different types of characters: numbers, lowercase and uppercase letters, and special characters.<\/li>\n
- A password shouldn\u2019t contain personal information easily traced back to the user.<\/li>\n
- A password needs to be unique<\/a> to each of your accounts.<\/li>\n<\/ul>\n
Got it? Good. Now for the key issue<\/a>: a complex password is easy to forget; a simple one \u2014 easy to crack. To help you achieve a balance between the two, we\u2019ve put together some well-known, but still effective rules for creating easy-to-remember passwords.<\/p>\n
Basic level<\/h3>\n
String together some unrelated words like the ones used in seed phrases when registering crypto wallets. And add a couple of numbers and special characters on the end that are meaningful to you but won\u2019t be easily guessed by an attacker.<\/p>\n
Example<\/strong>: DryLandStandGift2015;)<\/em><\/p>\n
Shorter words are easier to remember, and the number shouldn\u2019t be the year you or a loved one was born. It could be any memorable combination, such as the year you first went to Disneyland, the license plate of your first car, or your wedding date.<\/p>\n
Advanced level<\/h3>\n
Think of a favorite line from a song or a memorable quote from a movie, and then replace, say, every second or third letter with special characters that aren\u2019t in sequential order on the keyboard. Using easily accessible special characters (those you see on your phone\u2019s on-screen keyboard in numeric mode) is handier. This is how you can make a strong password that\u2019s quick to type and makes your life easier.<\/p>\n
For example, if you\u2019re a fan of the Harry Potter saga<\/a>, you may try to use the Wingardium Leviosa<\/em> charm for a good cause. Let\u2019s try transforming this levitation charm according to the rule above while peppering it generously with special characters:<\/p>\n
Wi4ga\/di0mL&vi@sa<\/em><\/p>\n
At first glance, a password like this looks impossible to remember, but all it takes is a little typing practice. Type it up two or three times, and you\u2019ll see your fingers reaching for the right keys by themselves.<\/p>\n
How about entrusting password generation to neural networks?<\/h2>\n
With the recent surge of ChatGPT and other large language models (LLMs), users have started turning to them for passwords. And it\u2019s easy to see why that would be an appealing option: instead of straining to come up with a strong password, you just ask the AI assistant to generate it \u2014 with immediate results. And you can ask to make that password mnemonic if you wish to.<\/p>\n
Alas, the danger of using AI as a strong password generator is that it creates combinations of characters that only appear random to the human eye. Passwords generated by AI are not as reliable as they may seem at first glance\u2026<\/p>\n
Alexey Antonov, Data Science Team Lead at Kaspersky, who conducted the previous password strength study<\/a>, has generated a thousand passwords with ChatGPT, Llama, and DeepSeek each. It turned out each model knew that a good password consisted of at least a dozen characters, including both uppercase and lowercase letters, numbers, and special characters. However, DeepSeek and Llama sometimes generated passwords consisting of dictionary words, with some letters replaced with similar-looking numbers or symbols, such as B@n@n@7<\/em> or S1mP1eL1on<\/em>. Amusingly, both models seemed to have a soft spot for the Password<\/em> password, providing such variations as P@ssw0rd<\/em>, P@ssw0rd!23<\/em>, P@ssw0rd1<\/em>, or P@ssw0rdV<\/em>. Needless to say, these aren\u2019t secure passwords, as intelligent brute-forcing algorithms are well aware of the letter substitution trick.<\/p>\n
ChatGPT does a better job. Here are some examples of what it came up with:<\/p>\n
- \n
- qLUx@^9Wp#YZ<\/em><\/li>\n
- LU#@^9WpYqxZ<\/em><\/li>\n
- YLU@x#Wp9q^Z<\/em><\/li>\n
- P@zq^XWLY#v9<\/em><\/li>\n
- v#@LqYXW^9pz<\/em><\/li>\n<\/ul>\n
These seem to be completely random sets of letters, special characters, and numbers. However, if you look closely, you can easily find some patterns. Some characters, for example, 9, W, p, x, and L, are used more often than others. We compiled a character frequency histogram for all generated passwords, and here\u2019s what we found: ChatGPT\u2019s favorite letters are x<\/strong> and p<\/strong>, Llama loves the character #<\/strong> and is partial to p<\/strong> too, while DeepSeek is hooked on t<\/strong> and w<\/strong>. Meanwhile, a perfectly random number generator would never favor any particular letter over others, but use every character roughly an equal number of times, making the passwords less predictable.<\/p>\n
![\"Frequency](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2025\/04\/04102830\/international-password-day-2025-01.png\")
<\/a>Frequency of character usage by different language models when generating a thousand passwords. Note that almost every password generated by ChatGPT contains the letters x, p, I, and L<\/p><\/div>\n
In addition, LLMs, like humans, often neglect to insert special characters or numbers into passwords. A lack of these symbols was found in 26% of passwords generated by ChatGPT, 32% of those generated by Llama, and 29% by DeepSeek.<\/p>\n
Awareness of these specifics can help cybercriminals bruteforce AI-generated passwords significantly faster. We ran the entire set of AI-generated passwords through the same algorithm we used for the previous study<\/a>, only to find a discouraging trend: 88% of passwords generated by DeepSeek, and 87% by Llama, proved insufficiently secure. ChatGPT came out on top \u2014 with only 33% of its passwords insecure.<\/p>\n
Sadly, LLMs don\u2019t create a truly random distribution, and their output is predictable. Besides, they can easily generate the same password for you as for other users. So what should we do?<\/p>\n
Combined approach<\/h2>\n
We recommend using our Password Checker<\/a> service or, better yet, Kaspersky Password Manager<\/a>, to generate passwords. These two use cryptographically secure generators to make passwords that don\u2019t contain detectable patterns, which guarantees true randomness. After generating a strong password, you can then come up with a mnemonic phrase to remember it.<\/p>\n
Let\u2019s say the password generator gives you the following combination:<\/p>\n
HSVpk*VR0Gkq#WwJ<\/em><\/p>\n
Then, a phrase to help you remember the password might look like this: In a high-speed vehicle (<\/em>HSV<\/strong>), you go over a peak (<\/em>pk<\/strong>) and see a star (<\/em>*<\/strong>) in virtual reality (<\/em>VR<\/strong>). Then you fall at zero gravity (<\/em>0G<\/strong>) and see the king and queen (<\/em>kq<\/strong>) behind bars (<\/em>#<\/strong>) in the White witch\u2019s jail (<\/em>WwJ<\/strong>).<\/p>\n
Only mnemonics can help with this, so we hope you like abstract and absurd imagery. You can also try drawing the scene that describes your password as shown above. Few would be able to understand the picture besides you. That\u2019s an easy way to memorize one password. But what if there are hundreds of them?<\/p>\n
How about storing passwords in a browser?<\/h2>\n
Not a good idea. To address the issue of remembering passwords, browser developers provide options to generate and save passwords right in the browsers. This is naturally very convenient: the browser itself fills in the password for you whenever needed. Unfortunately, a browser is not password manager, and storing passwords there is extremely insecure.<\/p>\n
The problem is, cybercriminals figured out a long time ago how to use simple scripts to pull passwords stored in browsers in mere seconds<\/a>. And the way browsers sync data across different devices in the cloud \u2014 such as through a Google account \u2014 is a disservice to users. All it takes is to hack or trick someone into giving up the password for that account, and all their other passwords are an open book.<\/p>\n
Use a password manager<\/h2>\n
A real password manager stores all passwords in an encrypted vault. For example, Kaspersky Password Manager<\/a>\u00a0stores all your passwords in a vault encrypted with the AES-256<\/a> symmetric encryption algorithm, used by the U.S. National Security Agency to store state secrets. The algorithm uses a main password, which only you know (even we don\u2019t know it) as the encryption key. Each time Kaspersky Password Manager<\/a> is accessed, the app requests this password from you and decrypts the vault for the current session. In this same encrypted vault you can also store other important information such as bank card numbers, document scans, or notes.<\/p>\n
Kaspersky Password Manager<\/a> offers other useful features too:<\/p>\n
- \n
- It can be used to generate unique and truly random password combinations.<\/li>\n
- It can fill in your passwords for you both on computers and mobile devices.<\/li>\n
- The app is provided for both major mobile platforms as well as macOS and Windows computers; there are also extensions for popular browsers.<\/li>\n
- The password database is synchronized across all your devices in encrypted form.<\/li>\n
- You can use it instead of Google Authenticator to generate 2FA codes for all your accounts on all your devices, including computers.<\/li>\n
- It checks if your passwords have been leaked or compromised and alerts you if you need to change any of them.<\/li>\n<\/ul>\n
With Kaspersky Password Manager<\/a>, all you need do is use the methods described above to come up with and remember one main password, which is used to encrypt the password manager vault. Just remember: you\u2019ll have to memorize this password extremely well, because if you lose it you\u2019re back to square one. No one \u2014 not even Kaspersky employees \u2014 can access your encrypted vault. We don\u2019t know your main password either.<\/p>\n
Let\u2019s recap<\/h2>\n
So how do you properly handle passwords in 2025?<\/p>\n
- \n
- Follow the guidelines above to come up with a secure main password, and use our Password Checker<\/a> service to test its cryptographic strength.<\/li>\n
- Can\u2019t think of a strong main password? Create one right there, and use mnemonic rules to memorize it.<\/li>\n
- Install Kaspersky Password Manager<\/a> on all your devices. With this app, you only need to remember the main password. The app will remember the rest for you.<\/li>\n
- Use passkeys and various two-factor authentication methods wherever possible \u2014 preferably through the app<\/a>. Combining a strong password with secure authentication methods creates a powerful synergy, which significantly enhances protection against unauthorized access to your accounts.<\/li>\n
- Read Kaspersky Daily<\/a> to stay safe.<\/li>\n<\/ul>\n
These posts can help you create the strongest passwords and manage them correctly:<\/p>\n
- \n
- How to create strong passwords and where to store them<\/strong><\/a><\/li>\n
- How hackers can crack your password in an hour<\/strong><\/a><\/li>\n
- How to store passwords securely<\/strong><\/a><\/li>\n
- Passwords 101: don\u2019t enter your passwords just anywhere they\u2019re asked for<\/strong><\/a><\/li>\n
- Kaspersky Password Manager gets a new look<\/strong><\/a><\/li>\n<\/ul>\n<\/blockquote>\n\n","protected":false},"excerpt":{"rendered":"
This is your World Password Day reminder about how to create strong passwords and remember them.<\/p>\n","protected":false},"author":2706,"featured_media":53356,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1788,7],"tags":[1147,4372,961,405,187,43,522,97],"class_list":{"0":"post-53355","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-products","9":"tag-kaspersky-password-manager","10":"tag-kaspersky-premium","11":"tag-leaks","12":"tag-password-manager","13":"tag-passwords","14":"tag-privacy","15":"tag-products-2","16":"tag-security-2"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/international-password-day-2025\/53355\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/international-password-day-2025\/28801\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/international-password-day-2025\/24033\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/international-password-day-2025\/12413\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/international-password-day-2025\/28913\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/international-password-day-2025\/28094\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/international-password-day-2025\/30932\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/international-password-day-2025\/29642\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/international-password-day-2025\/39449\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/international-password-day-2025\/13337\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/international-password-day-2025\/22766\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/international-password-day-2025\/23699\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/international-password-day-2025\/32150\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/international-password-day-2025\/37511\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/international-password-day-2025\/29083\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/international-password-day-2025\/34855\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/international-password-day-2025\/34488\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/passwords\/","name":"passwords"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=53355"}],"version-history":[{"count":8,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53355\/revisions"}],"predecessor-version":[{"id":53368,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53355\/revisions\/53368"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/53356"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=53355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=53355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=53355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- How hackers can crack your password in an hour<\/strong><\/a><\/li>\n
- Follow the guidelines above to come up with a secure main password, and use our Password Checker<\/a> service to test its cryptographic strength.<\/li>\n
- LU#@^9WpYqxZ<\/em><\/li>\n
- qLUx@^9Wp#YZ<\/em><\/li>\n
- Authenticator app<\/a> like Kaspersky Password Manager<\/a>, Google Authenticator, or Microsoft Authenticator<\/li>\n
- Logging in with a third-party service<\/a> like Google, Facebook, Apple, etc.<\/li>\n