How do I create secure passwords?

Create, check, and manage strong passwords.

A very reliable method is the integrated password generator in Password Depot. Select the maximum length and all permitted character types to maximize entropy (randomness). Longer, random passwords are almost always stronger than short, “clever” ones.

A key advantage: You don't have to remember the complex passwords generated by the generator— they are stored securely in an encrypted password vault and can be accessed at any time. Password Depot reduces the risk of data loss by making automatic backup copies of your databases, which you can store locally, on external data carriers, servers, or in the cloud.

Weak passwords as a security risk

Which passwords are particularly popular—and insecure—in this country? The annual top list from the Hasso Plattner Institute (HPI) has shown for years that simple number sequences such as “123456” or terms such as ‘password’ or “Passwort” continue to be used frequently and can be cracked extremely quickly. Passwords like these open the door to attackers.

In addition to their general weakness, many people reuse the same password for multiple services. Password reuse means that a single leak can compromise multiple accounts.

Is my password secure?

Weak passwords are an invitation to identity theft. Brute force and dictionary attacks try common combinations (including typical patterns such as “abcde,” “qwertz,” “password1”) at high speed. Password Depot supports you with a quality analysis for each entry and warns you about easily guessable patterns or passwords that are too short.

Check your entries regularly in Password Depot: Intelligent checks help identify and replace passwords that are too weak.

Generate secure passwords – with Password Depot

Passwords should meet defined quality requirements, especially in businesses. Password Depot's password generator creates strong, random passwords and stores them in encrypted form – using AES-256 (Rijndael), an internationally standardized and highly robust method.

When logging in—e.g., to email accounts, bank accounts, or web forms—Password Depot can insert login details automatically and securely. If you want to look up a password in plain text, you can only find it in your own accessible vault.

How often should you change your passwords?

Current expert recommendation: No forced, regular password changes without cause. Change passwords if there is specific suspicion (e.g., data leak, phishing, unusual logins), if you have shared a password, if accounts are particularly sensitive, or if you have used weak/short passwords. In addition, consistently use multi-factor authentication (MFA) and, where available, modern methods such as passkeys.

Password Depot can remind you to renew certain entries if necessary: To do this, fill in the “Valid until” field and define individual deadlines for each entry.

Tips for creating secure passwords

If, in exceptional cases, you create a password without a generator, these guidelines will help:

Length: Use as many characters as allowed – in practice, this means at least 12–16. Each additional character significantly increases security.
Randomness instead of patterns: No repetitions or patterns (“aaaaa,” “ababab,” “20242025”).
Character variety: Use upper and lower case letters, numbers, punctuation marks, and special characters. If you don't use all character types, make the password longer accordingly.
No sequences: Avoid sequences and keyboard patterns such as “12345,” “abcde,” “qwertz.”
No “Leetspeak”: Predictable substitutions such as “P@ssw0rd” are known to attackers and are of little help. Instead, rely on length and randomness.
No personal data: No names, dates of birth, phone numbers, license plate numbers, etc.
No preferences: No favorite foods/clubs/places (“PizzaSalami,” “BayernMunich,” “Lake Constance”).
No “pure” dictionary words: A single known word—even if it is long—is vulnerable to dictionary attacks. Better: Passphrases consisting of several random words plus separators/numbers.
Unique per account: Use a different password for every account – never reuse one.

Tips for your master password in Password Depot

You only need to remember one password: the master password. Individual passphrases have proven effective, e.g., three to five random words with separators and optional numbers/special characters. Avoid proverbs and well-known mnemonics.

Example of a unique passphrase (only as a sample, please do not use): “I have been using secure passphrases in Password Depot for 10 years” ⇒ “I#have#been#using#secure#passphrases#for#10#years” (vary further if necessary).

It is also possible to mix words and numbers – however, the numbers should not be easily derivable data. As a general rule: Length + randomness beat tricks.

Summary

Change passwords in the event of security incidents, suspected compromise, or shared/insecure passwords – do not enforce regular changes without cause.
Maximum length and ideally use a generator.
All permitted character types or – if not – significantly increase the length.
No dictionary words alone, no names/numbers, no keyboard patterns.
No reuse of identical or similar passwords for different services (see guide).
Use a password manager such as Password Depot – then you only have to remember one master password.
Enable MFA (and use passkeys, if available).

Sources (selection)

NIST SP 800‑63B – Digital Identity Guidelines – Memorized Secrets (including minimum length, no forced periodic changes, blacklist checks).
NCSC (UK) – Why regular password changes are harmful.
BSI – Creating secure passwords, Press release: Password change, Two-factor authentication.
Hasso Plattner Institute – Most popular passwords in 2023 / ILC statistics.
NIST FIPS 197 – Advanced Encryption Standard (AES).
CISA – Use Strong Passwords, Multi‑Factor Authentication.