Smarter. Easier. Banking that puts you in control.

Create a Strong Password for your Account.

What is the purpose of a strong password?

Passwords are strings of characters used in conjunction with an account that act as a security access key. Password security is crucial to preventing unauthorized access to accounts across the internet. So many websites, services, portals, apps, etc. see developing strong password security as essential. Along with other security features, strong passwords help to prevent your account from being hacked, prevent identity theft, and ensure that your personal information safe from unauthorized users. For maximum account security, strong passwords should be difficult for both humans and machines to figure out.

What are the most common passwords?

Change your password immediately if you use one of these passwords below, or a similar variation. According to SplashData, a market research company who compiled the top 100 most common passwords from more than five million passwords that were leaked by hackers in 2017, "use of any of the passwords on this list put users at grave risk for identity theft."

Top 25 Most Common Passwords – Avoid These!

2018 Ranking Password 2017 Ranking
1 123456 (Unchanged from 2017)
2 Password (Unchanged from 2017)
3 123456789 (#6 in 2017)
4 12345678 (#3 in 2017)
5 12345 (Unchanged from 2017)
6 111111 (New for 2018)
7 1234567 (#8 in 2017)
8 sunshine (New for 2018)
9 qwerty (#7 in 2017)
10 iloveyou (Unchanged from 2017)
11 princess (New for 2018)
12 admin (#11 in 2017)
13 welcome (#12 in 2017)
14 666666 (New for 2018)
15 abc123 (Unchanged from 2017)
16 football (#12 in 2017)
17 123123 (Unchanged from 2017)
18 monkey (#15 in 2017)
19 654321 (New for 2018)
20 !@#$%^&* (New for 2018)
21 charlie (New for 2018)
22 aa123456 (New for 2018)
23 donald (New for 2018)
24 password1 (New for 2018)
25 qwerty123 (New for 2018)

Is my password strong?

The Defense Department's research agency, DARPA, released a study in 2013 that tracked passwords at a Fortune 100 company and found that about half of all passwords followed common patterns. Certain programs for password hacking use this tidbit of information to take advantage of common human-made password patterns to “crack” the code and gain entry.

Strong passwords avoid the common password patterns in order to prevent these cracking programs from guessing your password easily.

The top three most common password patterns were:

The top three most common password patterns were:

  • One uppercase, five lowercase and three digits (Example: Sunset123)
  • One uppercase, six lowercase and two digits (Example: Defense12)
  • One uppercase, three lowercase and five digits (Example: Rose12345)

How to create a unique and strong password.

Aside from the occasional family or significant other account snooper, most password hacking comes in the form of password cracking programs. These programs can go through hundreds of character combinations in a short amount of time. As technology gets better, the time it takes to go through millions of attempts is shortened from months to days. Shorter passwords are much easier to crack, making longer passwords more secure. Password hackers use different known dictionaries: English words, names, foreign words, phonetic patterns and so on; two digits, dates, single symbols, etc. They run the dictionaries with various capitalizations and common substitutions: “$” for “s”, “@” for “a”, “1” for “l” and so on. These password cracking programs may exploit any opportunity to use what is already known about you to help improve the accuracy of the cracking software.

While there are many techniques to creating a strong password, for maximum password security the basic guidelines are:

  1. The password should be at least 10 characters long (12-16 character passwords preferable; the longer the better).
  2. It has to contain a random collection of letters (uppercase and lowercase), numbers and symbols (avoid predictable words and patterns).
  3. Each password should be unique for the account; don't use the same password everywhere (A hacker will go after your other online accounts with that same password).
  4. Remember it; do not write it down where it could be found by an unauthorized user.

Random Password Generator

While the hardest to remember, passwords from a random password generator are truly random and thus secure. For any passwords created in this manner, using a Password Manager program will assist in keeping track of the passwords for each website.

The 'Sentence Technique' for Creating Unique Passwords you can remember.

Remembering a password in this technique is tied into remembering a complete sentence. Rather than having to recall letters or numbers, each digit is created by the remembered sentence.

The full-sentence technique works like this: Think of an everyday phrase that you can remember, like "My #1 favorite thing in the world is my cat, Boots," or "I bought my house for $1." Be sure to choose a sentence that includes opportunities for numbers or special characters naturally.

Then that sentence is broken down and converted to a password by grabbing the first letter of each word. "I bought my house for $1" then becomes Ibmhf$1. "My #1 favorite thing in the world is my cat, Boots" then becomes M#1ftitwimcB. Longer sentences as passwords are more memorable than the same number of random letters and numbers.

The 'Cypher Technique' for Creating a Strong Password you can Remember:

This method revolves around creating a simple encryption code to run your password through in order to create a strong password that is unique for each website.

  1. Begin by choosing a two-syllable word. For example, “pillar”.
  2. Use the number of characters from the website home address as the random number for the password.
  3. Pick a special character.
  4. Arrange the password as: (First syllable of word, number of characters in website address, all CAPS for the last syllable of word, the special character, then followed by the name of website or portion of the website name). For example, the password for Walmart would be “pil7LAR#walmart,” or the password for Google would be "pil6LAR#google."

Final Tips for Password Security and Management:

  • If a site offers two-factor authentication, use it. With two-factor authentication, a text message gets sent when logging in from a new computer.
  • Do not save passwords or use “remember me” on public computers.
  • If you absolutely need to write down your passwords, keep written passwords stored securely in a safe or a safe-deposit box so that authorized people can only access it in an emergency.
  • Do not change your passwords, unless you suspect they have been compromised. It has been discovered that changing your password regularly does not have an effect on the likelihood of it being hacked.

Learn more about the confidence and control you’ll have with digital banking from Santander.


Santander Bank does not provide financial, tax, or legal advice and the information contained in this article does not constitute tax, legal, or financial advice. Santander Bank does not make any claims, promises, or guarantees about the accuracy, completeness, or adequacy of the information contained in this article. Readers should consult their own attorneys or other tax advisors regarding any financial strategies mentioned in this article. These materials are for informational purposes only and do not necessarily reflect the views or endorsement of Santander Bank.