Use strong passwords

The page was last modified:

Passwords are your keys to the Internet; with them you identify yourself for various web pages and services. Strong passwords and using them intelligently is a good first step.

Your passwords must be strong if they are to protect the data stored on your digital devices as well as your email accounts, cloud services, social networks, etc. Some vendors have their own rules on how passwords must be constructed. If there are no rules, you should consider choosing a high-security password.


  • Create a strong password by putting random words together with numbers, special characters, and upper- and lower-case letters. The password should be long. For example: !karta4TYPur.
  • Use different passwords for different services. It is particularly important to use a unique password for your email. 
  • Change your password if you suspect someone knows it.
  • Do not choose passwords that can be linked to you personally, such as your car registration number or your child's social security number.
  • Avoid common words such as ‘summer’ or common letter combinations such as ‘qwerty’.
  • Use a password manager if you need to keep track of many passwords.
  • Do not give out codes or passwords to anybody.
  • Use two-factor authentication if the service offers this.
  • Memorise your passwords, make them into a chant.

Do all passwords have to be equally strong?

Regardless of whether your password is to be used for bank services or your email account, you should think about the consequences if it falls into the wrong hands. Having the same password for more than one service will affect the security of your other systems if the password is compromised. It's particularly important to have a secure and unique password for email accounts. If someone can access your email, they can easily find more passwords sent by email and then access more services.

Manage your passwords correctly

Even strong passwords can become vulnerable if they are not managed properly. A password that falls into the wrong hands can cause serious damage. Most browsers have a function for remembering the passwords you enter. Do not get into the habit of saving passwords in your browsers. If you do, others who have access to your computer can log on to services with saved passwords. Most browsers have a feature where you can delete saved passwords.

Use two-factor authentication and a password manager

If unauthorized persons know your passwords, they can use them without your knowledge. To verify that the correct password has been entered by you, some services offer an option to request a one-time code. This is known as two-factor authentication. This means that the service asks for one-time codes that are sent by email or SMS to predetermined addresses, or are created in a special app on your phone. Not all services offer this, but you are recommended to enable this function wherever possible.

You can use a password manager to manage all your passwords. This is generally an app for your mobile phone, or software for your computer, where you store your passwords. The app and its contents are protected by a unique password that should be extremely strong. Think of that password as the key to a key cabinet where you store other keys. Password managers can also help you create strong passwords.

More about information security

Did you find this information helpful?

Responsible: Swedish Agency for Economic and Regional Growth

Back to top