Off the top of your head, how many different passwords do you have? If your answer is 10 or less, you must be using the same password for different services, which puts you at risk. On the other hand, I counted 146 passwords stored in my password manager, and that doesn’t include ones I use on an everyday basis and therefore never bothered to add. If something happened to my password manager, these passwords would be lost. There’s no way in the world I’m going to remember them all.

Having a different password for each service is a must in today’s online world, but there’s a terrible weakness to randomly generated passwords: it’s impossible to remember them all. But how can you possibly remember hundreds of passwords? The human brain is only capable of so much, isn’t it?

Three years ago, Tina wrote a fantastic post about creating good, secure passwords that are easy to remember. The post includes some excellent tips, and I highly recommend that you read it too. Today, I’m going to re-visit this important subject, and fill you in on some priceless tips and tricks on creating strong, solid passwords that are impossible to guess, but will nonetheless be easy to remember.

What Makes A Password Safe?

This should be obvious to most by now, but no article about passwords is complete without it. Read these criteria even if you think you already know them; it never hurts to make sure!

  • It must be at least 8 characters long.
  • It must not contain easily guessed information such as your birth date, phone number, spouse’s name, pet’s name, kid’s name, login name, etc.
  • It shouldn’t contain words found in the dictionary.
  • It should contain special characters such as @#$%^& and/or numbers.
  • It should use a variation of upper and lower case letters.

The Base Password

The trick to remembering a large number of passwords is having a base password you change according to the service you’re signing up to. The idea of the base password is by no means a new one, and I’m sure most of you already know all about it. To me, the real challenge is finding a good base password I can actually remember. While most suggestions for a strong base password include changing letters to numbers and symbols (i changes to 1 or !, s changes to $ or 5, etc.) and changing the spelling of known words (love becomes luv, to becomes 2), I find these methods confusing. This way of writing doesn’t come naturally to everyone, and you may forget what you replaced your letters with.

If this method works for you, by all means, go ahead. Choosing a strong base password like “spooner”, changing it around to become $p0on3r, and attaching the service’s name to it will work great. If you’re looking for other original ways to generate a strong base password, here are some great ones.

Use A Favorite Book

This is probably my favorite method of all, and can be really fun if you like books. Choose a book you own in paper format, open it on a random page, or find a paragraph you especially like, and locate a word you can use as the base for your password.

For example, I used Charles Dickens’s Oliver Twist. I turned to page 109 at random, and found the word “jocularity”. This is the 4th word on line 33 on this page, and therefore my base password can be 109jocularity334. You can use a paragraph number instead of line number, if you wish, and play around with the numbers to place them in a way that’s easier for you to remember. For good measure, you can add some symbols in strategic places.

You can even go ahead and mark the word in the book with a pencil, to make sure you can find it again if you happen to forget the password. Just don’t keep the book next to your computer!

Example for full password: 109$jocluarity33#4MUO

Play Around With Vowels

This is a method you can use for the base password and the way you append the service’s name. There are many ways to do this creatively, one of which is taking a favorite phrase or activity and removing the vowels from it. You can also use the vowels again at the end of the password, to make it really hard to guess.

For example, I like to ride horses, so I can take the phrase “Ride A Horse”, remove the vowels, and get this: “RdHrs”. I can now choose to append the vowels at the beginning or end of the password, like this: “RdHrsieAoe”. This looks completely random, but it’s actually not, and if you know what phrase you used, you can be typing it quickly in no time. If you want to make it more secure by replacing some letters with numbers or symbols, go right ahead. You can also attach a number or symbols you know you’ll remember, but don’t use something too obvious like your postal code or date of birth.

When appending the service’s name, you can also play around with vowels. For example, let’s say you’re creating a password for Amazon. You can use the first two vowels and first two consonants of the service, and end up with “mzAa”. You can get really creative with this, and find the way that’s easiest for you to remember, but as long as you stick with the same method all the time, you should be in the clear.

Example for full password: RdHrsieAoe#285$Mkae

Use Motor Patterns

This is a cool tip I found over at, and one I’ve been using for codes and such all my life without even realizing. Motor patterns are not about remembering actual passwords. Rather, you remember the pattern your fingers take when typing that password on your keyboard. Have you ever remembered a code you have to punch in or a phone number by the pattern you use to dial it? This is the same thing, and can be used to generate passwords that look completely random, but are easy for you to remember.

There are many ways you can go about creating such a password, but my favorite way is to base it on a number you know you’ll remember (again, nothing too obvious!). Let’s take 285, for example. The easiest way to create a pattern out of it would be to use the letters that are directly below these numbers on my keyboard. For example, 2wsd8ikl5tgh. Looks completely meaningless, doesn’t it? You can spruce it up with more complex patterns, upper case letters and symbols, but don’t go too far, or you might forget your password!

If you really want to play safe, you can continue with motor patterns when appending the service’s name as well. For example, by using the letters to the left of each key, MUO can turn to MnUyOi.

Example for full password: 2wsd8ikl5tghMnUyOi

Connect The First Letters Of A Passphrase

This is a fun way to create passwords that are really easy to remember. Pick a phrase you love, such as “Love Makes The World Go Round”, and use the first letter of each word to create a new word: LMTWGR. You can now use this base password in any number of creative ways. Some ideas are: reverse it, add numbers and/or symbols you’ll remember, or use first and last letters of each word (LeMsTeWdGoRd).

Now all you have to do is append the service’s name, and you’re done.

Example for full password: Le2Ms8Te5Wd#Go$RdMUO

Mix Words

This is a great way to create secure passwords, but I find it a bit harder to use and remember without getting confused. Nevertheless, it’s still a very useful method, and since our brains don’t all work the same, I’m sure some of you will love it.

Take a phrase, activity, etc. with two or three words, and mix the letters up so all first letters come first, all second letters come second, and so on. For example, if my phrase is “chocolate milkshake”, my password will look like this: cmhiolckoslhaatkee. You don’t have to choose such long words, of course; you can always go for something like “eat cake” – ecaatke. It all depends on how secure you want to be.

If you want to take it a step further, use capital letters for one word and lower-case letters for the other. You can also insert your favorite number/symbol combination, as I’ve been doing with my other examples. The final step is to append your service name, and you’re done.

Example for full password: cMhIoLcLoLlHaAtKeE285MUO


Reversing words is an obvious yet effective way to create secure passwords. Although I love black cats, my password can never be or include the phrase “Black Cat”. By reversing this phrase to taCkcalB or kcalBtaC, I get something that looks pretty much random, and is a much better fit for a base password. Some symbols and numbers could make it even more secure.

You can also use the reverse method on the service name. If you’re creating a password for eBay, try appending yaBe instead.

Example for full password: kcalB#$taC285OUM
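
The vowel, first-letter, mixing and reversing derivations from the sections above, written out as functions so each step can be checked against the article's results. This is an added example, not the author's code; the function names are hypothetical, and the service-tag rule (first two consonants, then first two vowels) is an assumption read off the Amazon example.

```python
from itertools import zip_longest

VOWELS = set("aeiouAEIOU")


def split_vowels(phrase):
    """Return (consonants, vowels) of the phrase, order and case preserved."""
    letters = [c for c in phrase if c.isalpha()]
    consonants = "".join(c for c in letters if c not in VOWELS)
    vowels = "".join(c for c in letters if c in VOWELS)
    return consonants, vowels


def service_tag(service):
    """First two consonants followed by first two vowels (assumed rule)."""
    consonants, vowels = split_vowels(service)
    return consonants[:2] + vowels[:2]


def vowel_password(phrase, middle, service):
    """Consonants, then the removed vowels, a fixed middle, the service tag."""
    consonants, vowels = split_vowels(phrase)
    return consonants + vowels + middle + service_tag(service)


def first_letters(phrase):
    """First letter of every word."""
    return "".join(w[0] for w in phrase.split())


def first_and_last(phrase):
    """First and last letter of every word (one letter for 1-letter words)."""
    return "".join(w[0] + (w[-1] if len(w) > 1 else "")
                   for w in phrase.split())


def interleave(phrase):
    """All first letters, then all second letters, and so on.

    Words of unequal length are handled by skipping exhausted words,
    which is what the article's "eat cake" example does.
    """
    words = phrase.split()
    return "".join(c for column in zip_longest(*words, fillvalue="")
                   for c in column)


def reverse_each_word(phrase):
    """Reverse every word but keep the word order."""
    return "".join(w[::-1] for w in phrase.split())


def reverse_whole(phrase):
    """Drop the spaces and reverse the whole phrase."""
    return phrase.replace(" ", "")[::-1]


if __name__ == "__main__":
    print(vowel_password("Ride A Horse", "#285$", "MakeUseOf"))
    print(first_and_last("Love Makes The World Go Round"))
    print(interleave("chocolate milkshake"), interleave("eat cake"))
    print(reverse_each_word("Black Cat"), reverse_whole("Black Cat"))
```

Every output is fully determined by the phrase, the fixed middle part and the service name, so the only secret in such a password is which phrase and which rule were chosen.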

Add Spaces

You may not be aware of this, but many services allow spaces in the passwords you create for them. I would not rely on spaces for your base password, as some services will not allow you to use them and you’ll be stuck, but you can try adding a space between your base password and service name, and see if that works. If it does, it’s another layer of security for your password.

Check Your Password

Now that you’ve devised a base password you can remember, it’s time to check how secure it really is. HowSecureIsMyPassword will tell you how long it would take a desktop PC to crack your secure password, and also provide you with tips on how you can improve it.

The Password Meter is also a great place to check your password, and gives your password a score from 1 to 100. It provides detailed feedback and suggestions on how you can improve your password.
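
An added example, not part of the original article and not the code of either checker named here: a length-and-character-set estimate placed next to three structural checks (alphabetic or numeric sequences, neighbouring-key walks, an embedded service name). The thresholds, the flat QWERTY grid and all function names are assumptions of this sketch.

```python
import math
import string

# Constructed samples: the alphabet string a commenter on this page describes
# testing, plus two of the article's own example passwords (service "MUO").
SAMPLES = [("abcdefghijklmnopqrstuvwxyz", ""),
           ("2wsd8ikl5tghMnUyOi", "MUO"),
           ("kcalB#$taC285OUM", "MUO")]

# US QWERTY as a flat grid, ignoring key stagger (assumption of this sketch).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
POOLS = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
         (string.digits, 10), (string.punctuation + " ", 33)]


def brute_force_bits(password):
    """Length x log2(character pool): all a length-and-charset estimate sees."""
    pool = sum(n for chars, n in POOLS if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def longest_sequence(password):
    """Longest run of consecutive code points, ascending or descending."""
    best = run = min(len(password), 1)
    step = 0
    for prev, cur in zip(password, password[1:]):
        diff = ord(cur) - ord(prev)
        if diff in (1, -1):
            run = run + 1 if diff == step else 2
            step = diff
        else:
            run, step = 1, 0
        best = max(best, run)
    return best


def adjacent_key_ratio(password):
    """Share of consecutive character pairs typed on neighbouring keys."""
    low = password.lower()
    pairs = list(zip(low, low[1:]))
    hits = 0
    for a, b in pairs:
        if a != b and a in KEY_POS and b in KEY_POS:
            (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
            hits += abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1
    return hits / len(pairs) if pairs else 0.0


def findings(password, service=""):
    """Structural weaknesses that the brute-force figure does not reflect."""
    out = []
    if longest_sequence(password) >= 4:       # threshold is an assumption
        out.append("sequence")
    if adjacent_key_ratio(password) >= 0.5:   # threshold is an assumption
        out.append("keyboard-walk")
    low, name = password.lower(), service.lower()
    if name and name in low:
        out.append("service-name-forward")
    elif name and name[::-1] in low:
        out.append("service-name-reversed")
    return out


def report(samples=SAMPLES):
    """(password, rounded brute-force bits, findings) for each sample."""
    return [(pw, round(brute_force_bits(pw)), findings(pw, svc))
            for pw, svc in samples]


if __name__ == "__main__":
    for pw, bits, found in report():
        print(f"{pw:28} {bits:4} bits  {found or 'no structural finding'}")
```

All three samples score above 100 bits on the brute-force figure alone, while each also carries a structure that a score based only on length and character set does not account for.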

These Are Just Some Suggestions

There are endless ways to create memorable and strong passwords. Remember that even the methods mentioned above are only examples; each of them can be used in slightly different ways to create completely different results. Go with what you think would be the easiest for you to remember, and build your password around that. As long as you follow the basic guidelines, and use the same rules for all your passwords, you shouldn’t have problems.

If you’re not convinced, and would rather continue with random ones, find the best ways to manage your passwords. If you need further help in managing your huge password collection, head over to our password management guide for some priceless information.

How do you create secure passwords that are easy to remember? Have some tips to share? Tell us in the comments!

Image credit: Lock image via Shutterstock, Password image via Shutterstock, Woman search book image via Shutterstock, Keyboard image via Shutterstock, Turn back sign image via Shutterstock

  1. New comment
    July 18, 2016 at 5:14 pm

    Creating a strong password

    To keep your account safe, here are a few tips on how to create a strong password:
    Use a unique password for each of your important accounts
    Use a different password for each of your important accounts, like your email and online banking accounts. Re-using passwords is risky. If someone figures out your password for one account, that person could potentially gain access to your email, address, and even your money.
    Use a mix of letters, numbers, and symbols in your password
    Using numbers, symbols and a mix of upper and lower case letters in your password makes it harder for someone to guess your password. For example, an eight-character password with numbers, symbols and mixed-case letters is harder to guess because it has 30,000 times as many possible combinations as an eight-character password with only lower case letters.
    Don’t use personal information or common words as a password
    Create a unique password that's unrelated to your personal information and uses a combination of letters, numbers, and symbols. For example, you can select a random word or phrase and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as "sPo0kyh@ll0w3En"). Don’t use simple words or phrases like "password" or "letmein," keyboard patterns such as "qwerty" or "qazwsx," or sequential patterns such as "abcd1234" which make your password easier to guess.
    Make sure your backup password options are up-to-date and secure
    Make sure to regularly update your recovery email address so that you can receive emails in case you need to reset your password. You can also add a phone number to receive password reset codes via text message.
    Many websites will also give you the option of answering a security question if you forget your password. If you can create your own question, try to come up with a question that has an answer only you would know. The answer shouldn't be something that someone can guess by scanning information you've posted online on blogs or social networking profiles. If you have to choose a question from a list of options, such as the city where you were born, try to find a way to make your answer unique by using some of the tips above. That way even if someone guesses the answer, they won't know how to enter it correctly.
    Keep your passwords secure
    Don't leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. If you decide to save your passwords in a file on your computer, create a unique name for the file so people don't know what's inside. Avoid giving the file an obvious name, such as "my passwords." If you have a difficult time remembering multiple passwords, a trusted password manager may be a good solution. Spend a few minutes checking out the reviews and reputations of these services.

    Add an extra layer of security
    Once you’ve created a password, you can add an extra layer of security by enabling 2-Step Verification. 2-Step Verification requires you to have access to your phone, as well as your username and password, when you sign in to your Google Account. This means that if someone steals or guesses your password, they still can't sign in to your account because they don't have your phone. Now you can protect yourself with something you know (your password) and something you have (your phone).

  2. anonymous
    December 2, 2015 at 1:33 pm

    do not ever enter the password in password validation sites.
    you have no clue if your password will be stored and used for cracking.

  3. Maria Malonzo
    November 4, 2015 at 8:22 am

    I tried my new passphrase and it will take sextillion years to be cracked. I don't even know how long that will take. Awesome!

  4. Hannah
    December 28, 2014 at 1:19 pm

    Hey, I typed in how to make creative passwords but the web will only pop up non-creative ones, and it makes me so mad.

  5. Ann Shea
    April 19, 2013 at 2:15 pm

    Some good ideas. I try to use the same passwords for sites I visit often but it's a pain when I have to reset one of them. I also like to use a cloud based document like Google Docs, Gmail contacts, or Evernote to store info, so I can access it anywhere, but you have to not forget the password to log into THOSE sites. Having a password reset tied to your phone for SMS messages is a great service now offered by smart sites.

    Another idea is to take a regular word and substitute numbers for some of the vowels. In this instance the word VOWEL might become V0W31... You use numbers that look like the vowel, so O is 0; E is 3, and L is 1.

    When I saw the note about using a real book to generate some base words for passwords, I thought what a great idea it would be to use a book's blank end pages or inside cover to write down key passwords. No one would look there...kind of like the old hide your jewelry inside tupperware in the fridge. LOL.

  6. Selva Kumar
    April 19, 2013 at 4:47 am

    Wow, really nice and useful... Thanks, Yaara Lancet

  7. Trovolve
    April 18, 2013 at 5:52 pm

    I used to have these kinds of passwords, until I came to live in France.

  8. cosanova
    April 18, 2013 at 3:55 pm

    By the way, I turned the wifi off and changed the password a bit when checking it, the site seems to just use Javascript to make the math but you never know...

  9. cosanova
    April 18, 2013 at 3:53 pm

    My system gives me a password of 10 vigintillion years, I think that is around (4 x 10^37) times stronger than 255 septillion years.

  10. Manuth Chek
    April 18, 2013 at 12:28 pm

    What about the order of the Dvorak keyboard layout (and not QWERTY)?

  11. cosanova
    April 18, 2013 at 11:33 am

    Mix different languages in the password at the same time you switch letters with numbers. Dictionary attacks normally are based in English, maybe in some other major language. Random phrases ("I like peanuts while shaving my feet") in mixed languages are impossible to guess, let alone with the number trick. And these are easy to remember -unless you are monolingual...

  12. Dave Otee
    April 18, 2013 at 4:28 am

    to keep it vote is with all those that said LastPass. That one saves my butt every time. I do the best I can to remember most of mine (says me), only to learn that the more I think I know, the less I actually do. Great article also. Thanks for all the suggestions, they are great ideas.

    April 16, 2013 at 1:32 pm

    This tip is quite useful for me as I have many online properties that I log on to (both for me and on behalf of others). Well written piece.

  14. julien c
    April 14, 2013 at 1:42 am

    lastpass is a very good program. Make sure you have a secure master password

  15. Graham Richardson
    April 12, 2013 at 6:45 pm

    As well as the really annoying restrictions some sites put on passwords, there are a few which require regular changes. I have at least 5 at work, 3 needing to be changed every 4 weeks and two every 6 months. I have a fairly simple system of a set password (random letters) and then a number which goes up 1 each 4 weeks. I then change all the others at the same time so they use the same number. I just need to have the number written down (away from the PC). Even then it's annoying that each service has its own rules - with two not allowing the use of any non-alphanumeric characters, which is really annoying!

  16. Patrick
    April 12, 2013 at 6:26 pm

    Interesting, if complex, ways to create somewhat memorable passwords. Unfortunately, as Ars Technica pointed out a while back, all these "clever" password methods are now well known to serious hackers. Check out their explanation:

    • Yaara Lancet
      April 13, 2013 at 1:30 pm

      Thanks, Patrick, interesting read!

    • Charlie O.
      April 17, 2013 at 12:18 am

      Wow. That's an eye-opener. I used to think having my full name as my gmail address was cool. Now I think, if they have my name and email, can't they get my location and then phone number? How strong would 2 factor be then?

      I realize that just HAVING my phone number doesn't mean they can use my phone, or receive texts, but when I read the ARS-T article, it suddenly seems that even completely random PWs can be brute forced, and length of phrase now seems like just a race against time. Cell phones are safe, but the computers that run them are only as safe as the tech those companies can buy.

      Recently, I learned on NPR that the Chinese have an actual brigade in the military devoted to hacking. I think I like the rule, "Don't put anything online that you don't want EVERYONE to know."

  17. Manide
    April 12, 2013 at 5:32 pm

    Using Lastpass is more productive than creating passwords by yourself IMHO. Also, two-factor authentication when it's possible.

  18. Chinmay Sarupria
    April 12, 2013 at 2:19 pm

    These passwords are also hard to remember. The only thing that can be done is generate mixed strong passwords and then store them in LastPass.

  19. macwitty
    April 12, 2013 at 1:50 pm

    I have given up when it comes to having passwords that I will remember myself. Have tried different methods but there are too many sites that require passwords for me to remember them. Worst it is with those I have not used very often. Today I have three really strong passwords that I can remember - the rest are in 1Password. The three I remember are a combination of misspelled words, numbers and space.

  20. Darrell Walery
    April 12, 2013 at 12:06 pm

    These are great tips but pretty complicated. Here is a post I did that gives you some simpler ways to create secure passwords. Perhaps not as secure as something that would not be cracked in 425 Quintilion years, but really, do you need that?
    Some are similar but a bit simpler.

    • dragonmouth
      April 12, 2013 at 1:54 pm

      "Here is a post I did that gives you some simpler ways to create secure passwords."

      Simpler ways lead to simpler, less secure passwords. Input the sample passwords provided by the site you mention into's analyzer. You will find that First Letters of a Phrase and Random Word methods lead to very weak passwords.

      "Perhaps not as secure as something that would not be cracked in 425 Quintilion years, but really, do you need that?"

      That depends on how much you value the information you are trying to protect, and/or whether you mind your PC being used as a zombie. Do you mind someone unauthorized using your WiFi?

  21. Helen
    April 12, 2013 at 10:55 am

    I thought I had a system down for passwords and then discovered that keyboards on smart phones do not match keyboards on my PC, and I now have all kinds of headaches when I need to put a password into my iPhone. (One I made up on my PC at home)

    • Scott M
      April 12, 2013 at 11:02 am

      That happened to myself as well. Drove me crazy for a while. I had to redo quite a few passwords.

  22. Scott M
    April 12, 2013 at 10:38 am

    I use sticky password. I find it the best.

  23. Kuriakopoulos Marios
    April 12, 2013 at 9:34 am

    Really interesting article!! Thank you.
    I had never thought of using the service name in the end of the password.
    You made me think of redesigning all my passwords!

  24. techguyknows
    April 12, 2013 at 8:31 am

    HowSecureIsMyPassword can be inaccurate at times. A simple word can take a long time to crack?

    • Yaara Lancet
      April 12, 2013 at 11:37 am

      Which word did you use? For most simple words I tried it returned either "instantly" or several hours. The most I got was several days for very long words.

      • dragonmouth
        April 12, 2013 at 1:40 pm

        ROTFLMO!!! HowSecureIsMyPassword is a JOKE. It puts more value on QUANTITY of characters in a password than on their QUALITY. I put in the 26 letters of the English alphabet, in order, lower case into their "analyzer". I was told that it would take 430 quintillion years to crack it. Both you and I know that even an incompetent hacker can crack that password in seconds. and provide a more stringent analysis of the security of a prospective password.

        On the surface your tips seem great but they all exhibit a pattern. Once a hacker determines a pattern, his/her job becomes easier by orders of magnitude. If you really want to be secure you need to generate random characters passwords using a password generator, such as PassGen or, and then using a password manager.

        However, the Achilles heel of LastPass, KeePass and other password managers is that if their password is compromised, all others in the vault are available to the nogoodnik.

        • Yaara Lancet
          April 13, 2013 at 1:28 pm

          Thanks for the feedback, dragonmouth. Right to the point, as usual. :)

  25. suneo nobi
    April 12, 2013 at 6:31 am

    Agreed, but an application like KeePass would streamline the process a little as well as protect from the keyloggers with additional entropy...

    • Yaara Lancet
      April 12, 2013 at 11:35 am

      Very true. Password managers are great, as I mention in the first paragraph of this article... :)

  26. Nevzat A
    April 12, 2013 at 5:56 am

    Great suggestions, Yaara, many thanks for the article.

  27. Kirby
    April 12, 2013 at 5:55 am

    I usually choose a password related to the site / service I'm using so it would be easier to remember.

  28. Bogdan Chirita
    April 12, 2013 at 5:37 am

    Good article. One of my passwords takes 125 million years to break, according to HowSecureIsMyPassword.

    • Sam
      April 12, 2013 at 8:29 am

      And now, HowSecureIsMyPassword knows your password, too :)))

      • Chris Marcoe
        April 13, 2013 at 5:31 pm

        Change a single letter in it and they don't. Change a few #s and they won't know it. They are just looking to see what the digit is, like, capital/lower case/number/symbol. It doesn't matter what the value is.

  29. Chris
    April 12, 2013 at 5:25 am

    A vote for Lastpass from me. 80 sites all with different randomly generated passwords.

    Another point of view to the whole invent-your-own:

    The more complicated I have to make the password, the more likely I am to write it down.

    Also, if you run a website that allows account creation, please stop restricting me. My bank allows a max of 16 characters. An MMO I play allows me to use a 21 character password of my choice. According to all the password strength checkers I've tried, the MMO is orders of magnitude more secure. There's literally no reason for length restrictions since the password should be stored as a hash.

    • Yaara Lancet
      April 12, 2013 at 11:35 am

      That's a good xkcd, thanks for sharing that. :)

      As for password managers, I use one myself, as I mentioned in the first paragraph of this post. The post is for those who want to avoid that or just want passwords they can also remember.

  30. Shaun Campbell
    April 12, 2013 at 4:35 am

    ...or just use Lastpass.

    • Yaara Lancet
      April 12, 2013 at 11:33 am

      Yeah... that's covered in the intro paragraph. :)

  31. Pooja
    April 12, 2013 at 1:51 am

    Interesting post... but in some cases sites don't allow special chars. then what can be done in that case?

    • Yaara Lancet
      April 12, 2013 at 11:31 am

      Just don't use special characters in those. Although I believe most websites allow characters such as @#$% in passwords.
