How to Create a Strong Password That You Will Not Forget

The best password is one that’s hard to crack and easy to remember. Nevertheless, some of the most commonly used passwords are ridiculously easy to guess, such as “password” or “123456”. Don’t let passwords like these give you ideas! Create a strong password instead.

Even if you do have a complex password, using one and the same password for all of your online accounts is dangerous. Imagine a hacker cracked that one password. To be safe, you should create a unique and difficult-to-crack password for all of your accounts.

So do you know how to create a good password? And how can you remember more than one of them? Here are some tips and tricks to maintain individual strong passwords for all of your online accounts.

How to Create a Strong Password

Since you’ll always have to remember at least one password, we’ll go over how to manually create a safe password first. Further down, we’ll also show you how to use a tool that can create almost uncrackable passwords and remember them for you.

The Characteristics of a Safe Password

Each password should meet the following criteria:

  • You can’t find the password in a dictionary
  • It contains special characters and numbers
  • It contains a mix of uppercase and lowercase letters
  • It contains at least 10 characters
  • It can’t be easily guessed based on user information, such as a birthdate, postal code, or phone number

Note that some accounts won’t allow you to use special characters. In that case, you should increase the length and make the password as abstract as possible. Likewise, if the password length is limited to 6 or 8 characters, make sure you cover as many of the other points as possible.

How to Remember Your Password

Even if you use a password manager, you’ll have to at least remember the master password for that tool. Now how do you do that, while still following all of the criteria above? You start with something you can easily remember, a base password. Then you apply logical rules to alter your base password into something almost unrecognizable.

Create an Easy-to-Remember Base Password

Your base password could be based on a phrase, the name of a place, or a name and phone number. Now you can use several techniques to create a good base password that you will not forget. Here are some suggestions:

  • Randomly replace letters with numbers (e.g. MakeUseOf becomes Mak3Us30f)
  • Pick a sentence and reduce it to first letters of each word only (e.g. the Golden Rule “Do to others what you want them to do to you” becomes Dtowywttdty)
  • Take a word and reverse spell it (e.g. technology becomes ygolonhcet)

The examples above are not particularly safe. While you won’t find any of the resulting base passwords in a dictionary, they are still failing other characteristics of a safe password.

So make sure your initial word or phrase is sufficiently long (minimum 10 characters) and combines all of the principles above to introduce numbers, special characters, and upper and lower case spelling. That’s when you’ll have a safe base password.

The base password I’m going to use here is the Golden Rule phrase with title case spelling, numbers, and special characters: D20wYWT7D2Y!(^_^)

Note that my base password meets all of the above criteria. It cannot be found in a dictionary, it contains special characters, a mix of upper and lower case letters, it is 17 characters long, and you cannot guess it based on my personal information.
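The five criteria from "The Characteristics of a Safe Password", applied to the sample passwords in this section and to P@ssw0rd from the reader comments, as an added example that is not part of the original article. The word list, the substitution table and all function names are assumptions made for the illustration; the dictionary check also undoes common substitutions and reverse spelling, which goes beyond a literal dictionary lookup.

```javascript
// Added example, not from the article. WORDS and SUBS are small constructed
// samples; a real check would use a full word list.
const WORDS = new Set(["password", "technology", "sunshine"]);
const SUBS = { "@": "a", "0": "o", "3": "e", "1": "i", "!": "i", "$": "s", "5": "s", "7": "t" };

const reverse = (s) => [...s].reverse().join("");
const undoSubs = (s) => [...s].map((c) => SUBS[c] || c).join("");
const alnum = (s) => s.toLowerCase().replace(/[^a-z0-9]/g, "");

// True when the password is a dictionary word once case, a trailing counter,
// common character substitutions or reverse spelling are undone.
function reducesToDictionaryWord(pw) {
  const base = pw.toLowerCase().replace(/\d+$/, "");
  const forms = [base, undoSubs(base)];
  return forms.some((f) => WORDS.has(f) || WORDS.has(reverse(f)));
}

// Returns the criteria a password fails, in the order the article lists them.
// userInfo holds strings such as a birthdate, postal code or phone number.
function failedCriteria(pw, userInfo = []) {
  const failed = [];
  if (reducesToDictionaryWord(pw)) failed.push("not in a dictionary");
  if (!(/[0-9]/.test(pw) && /[^A-Za-z0-9]/.test(pw))) {
    failed.push("special characters and numbers");
  }
  if (!(/[a-z]/.test(pw) && /[A-Z]/.test(pw))) failed.push("upper and lower case");
  if (pw.length < 10) failed.push("at least 10 characters");
  const leaksInfo = userInfo.some(
    (info) => alnum(info).length > 0 && alnum(pw).includes(alnum(info))
  );
  if (leaksInfo) failed.push("not based on user information");
  return failed;
}

// Sample passwords taken from this page; the last one and its birthdate
// are constructed for the user-information check.
const samples = [
  ["Mak3Us30f", []],
  ["Dtowywttdty", []],
  ["ygolonhcet", []],
  ["P@ssw0rd", []],
  ["D20wYWT7D2Y!(^_^)", []],
  ["Summer19850412!", ["1985-04-12"]],
];
for (const [pw, info] of samples) {
  const failed = failedCriteria(pw, info);
  console.log(pw.padEnd(20), failed.length ? "fails: " + failed.join("; ") : "meets all five");
}
```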

Use Flexible Rules for Your Password

A computer may calculate and recognize patterns a lot quicker than the human brain. But one thing humans are still better at is being creative. That is your great advantage over hacking tools!

As you see, in my password I replaced some letters with numbers or special characters. However, I didn’t use a stiff set of rules. I replaced the t with a 2 or a 7. Using fixed rules for replacing characters, e.g. always replacing an a with the @ symbol, will weaken your password.

Here are some ideas for making it even harder for a hacker to crack your password:

  • Don’t use common substitutions (e.g. @ for A or a)
  • When you have recurring letters within your password, mix your substitutions (e.g. 8 or ( for B or b)
  • Pick a word and touch type it with your fingers in the “wrong” (shifted over) position (e.g. wrong becomes etpmh)
  • Pick a pattern on your keyboard and type it with alternating use of the Shift key (e.g. Xdr%6tfCvgz/)

Create Individual Passwords for Every Account

Once you have a strong base password, you can use it to create individual passwords for each of your online accounts. Simply add the first three letters of the service, e.g. D20wYWT7D2Y!(^_^)GMa for your GMail account or D20wYWT7D2Y!(^_^)eBa for eBay.

Note that while this kind of password is hard to crack on its own, it is easy to understand. Should your customized base password ever get leaked, you would have to change all passwords based on it, before someone figures out your system.

We highly recommend that you use truly unique and safe passwords for all your accounts. And that’s why you need a password manager.

Use a Password Manager

Now that you have created a secure base password, use it as the master password for your password manager. You can also use it whenever you have to create a password on the spot, while not having access to your password manager. For everything else, use your password manager to create and store your ultra-safe and unique passwords.

The password manager can also tell you how difficult and hence secure your passwords are. You could even use it to test the difficulty of your base password.

I use LastPass, which is a cross-platform password manager that’s free to use. We have previously reviewed LastPass and explained how to use this password manager for maximum security.

LastPass comes with a feature called Generate Secure Password. Note how in the screenshot below, there is a full green bar underneath the password? This means it’s a strong password. A too short and/or too simple password would give you a much shorter red- or orange-colored bar.

To create rock-solid passwords, follow this micro guide to the LastPass secure password generator.

Note that online password managers are vulnerable to hacking. Following a series of security scares in early 2017, we even recommended temporarily stopping the use of LastPass. Consequently, we have also compiled some alternative password managers.

Once you have started using a password manager, you’ll find that it can do a lot more than just create and store passwords.

Update Passwords Regularly

This is the toughest part. To maintain safety with a strong password, you have to update your password every few weeks or months. The more often, the better. You can do this in several different ways. Here are some ideas that will keep it simple.

Change Only Your Base Password

  • Change the special character substitutions you’re using.
  • Reverse use of upper and lower case letters.
  • Type the password with Shift lock turned on.

Change the Entire Password

  • Change how you identify the account you’re using (e.g. use the last three rather than the first three letters, so GMa would become ail and eBa would become Bay)
  • Change the position of the letters identifying the account (e.g. put them to the front or in the middle of your base password)
  • Add the date of when you last changed the password at the back and mark it in your calendar

In other words, use your human advantage: be creative and think out of the box. And use a password manager to reduce the number of passwords you have to change manually.

Strong Passwords Everywhere

We showed you how to create a safe and easy-to-remember password. We also explained why password managers help you increase the security of your accounts. Now it’s up to you to put that knowledge into action.

How do you generate strong passwords? Have you ever had an account hacked because the password was weak? Please share your stories and advice in the comments below!


  1. Mike
    February 5, 2017 at 1:47 am

    Find a saying you like (you will be typing it over and over) and can remember. Say in Latin Carpe Diem "seize the day", transliterate (depending on the language Greek transliterates well) or translate it to English, then take one of the words and either scramble the words (the 24 is seized says Pooish) or break it into syllables and reverse them or use made up words. Say Diem Ecarp. I mix in caps and sometimes numbers as well and maybe a space or two. I have a pattern I use which I won't share, but by following a pattern of changes that you devise, you can get a good password that is easier to remember. The longer the saying the better up to fifteen letters (again, you are going to be typing it a lot).

    • Tina Sieber
      February 5, 2017 at 9:09 am

      That's a good technique. Thank you for sharing, Mike!

  2. aging techy
    January 29, 2017 at 11:08 pm

    Where in the article did she deal with the not forgetting part? Only a total techy could remember a password like that, and I work in IT, but I guess she didn't have in mind helping someone over 55. I guess that's coming from someone who grew up only having to remember five digit zip codes and 7 digit phone numbers. haha

    • Tina Sieber
      January 30, 2017 at 9:30 am

      Good point. We could add a link to one of the many digital password managers out there. Also, writing your passwords down is safer than using the same password for every account. After all, it's more likely to get hacked than for someone to break into your house *and* steal your passwords.

  3. Darcie L. Alcott
    November 30, 2016 at 3:24 pm

    Methods not as easy as I was led to believe...

    • Tina Sieber
      December 1, 2016 at 11:51 am

      Well, it's all relative. If you have trouble remembering good passwords (everyone does actually), I strongly recommend to use a password manager. This will help you manage unique and complex passwords for all your accounts. And then you only have to remember one strong password - the one for the password manager.

      I use LastPass, but there are other ones, like KeePass.

  4. mkm
    September 21, 2016 at 4:41 pm

    Smiley face aside, for E1d_1D!4Y:) you're seriously going to remember the _ randomly placed between two word letters (maybe using as a comma despite a comma not shown in the song lyric source listed) and the fact that the first I (letter i) is a 1 and the second I (letter i) is a !. Really?!?!?! One month from now when you log back into your bank, you're going to get that in three tries before you get locked out for a period of time or are required to call customer service? I love these articles that recommend doing the nearly impossible; maybe more possible if you're 22, have a young fresh mind, and have 1 account that matters. Funny.

    • Tina Sieber
      September 27, 2016 at 11:09 am

      Alternatively, use a password manager. :)

  5. Sina
    August 29, 2016 at 8:47 pm

    I just use a long number for my base password and it is sometimes my birthday etc.
    However I change the base of the number to some larger base than 10. It has two benefits, first it's no longer guessable with my personal information and second is that it makes it shorter!

    • Tina Sieber
      August 30, 2016 at 7:53 am

      That's clever, Sina.

      Hopefully, you're using a different base for every account with another clever system and some letters for good measure.

      Using the same password everywhere remains a risk. First, given enough time, even a complex password can be cracked. For an 8-digit numbers only password, that time is probably in the range of minutes, if not seconds. Second, if one of the services you use gets hacked and your password is revealed (happens all the time), all your other accounts become immediately vulnerable.

  6. RAJ KIAN
    March 1, 2010 at 10:05 pm

    earlier i used to use pw as 123456 or even 123456789.
    my frnd use qwertyuiop or zxcvbnm.
    but currently i hv 2 typ of pw.or 3.
    for myspace its 7letters then 3 nos.
    fb,twitter etc. its 7+7=14 letters thats very big. Well its combo of 2 words. n i bliv dat its next 2 impossible to crack it.
    oh n the 3rd one is 7letters dats 2nd part of my earlier pw.

    another thing which every1 shud keep in mind. Always make it a point to hv ur pw in CAPITAL LETTERS if u find it difficult 2 remember mix of upper n lower case.
    i use caps. n dey say "hey ur caps lock is on".

  7. Montana
    February 28, 2010 at 5:59 am

    You know what, these banks & email hosts would be almost completely hacker-proof if they maybe did something where the password was encrypted with two layers of security -- one, SSL, the other, an encryption algorithm that uses IP addresses. With so many different IP addresses, and the ability to change them every now and then, it would be hard for hackers to decipher the password.

    • OklyDokly
      March 15, 2010 at 7:10 am

      So, I'm curious as to why more companies aren't going the route of OTP + password for authorization...game companies are doing it, some banks are, but not all...

      Sure, you have the risk of losing your OTP generator, but without your password, that OTP generator is useless, and vice versa.

      The fact of the matter is this: Try and try as hard as you might, you will never be able to completely prevent/thwart social engineering. Yes, you can brute force or dictionary hack passwords in some cases, but the vast majority of security compromises occur through social engineering.

  8. jay
    February 27, 2010 at 9:20 am

    I use my dob as my password, easy to remember

  9. Versatile
    February 26, 2010 at 2:02 pm

    I currently use a great website called mashedlife.com. I use a yubikey to login for secure authentication, and all my passwords for all my online accounts are housed here.

    I use the random system to generate random and complex passwords for each and every single online account I have.

    When people ask me if I know my passwords, I literally say no I do not. In fact, if you asked me what my gmail password is off the top of my head, I honestly could not tell you because I have literally 0 passwords memorized except the main password I use to login to mashedlife.com with yubikey as the second form of online protection.

    The mashedlife.com website is never down based on my usage, and the passwords are encrypted. Sure, lastpass.com is a similar site, but in general I think these are good solutions.

    • Anisa
      February 17, 2016 at 1:47 am

      You sure that it's not fake?

  10. David
    February 26, 2010 at 11:41 am

    A comment on passwordmeter.com. I am currently working on a website for a large government agency. As part of the registration process, it is necessary to choose a password. The decision was made to incorporate the password meter into the sign-on page. In the process of doing this, I discovered an enormous bug in the password strength algorithm - which is the root cause for

    "However, if your password is too long, i.e. too safe, this test will actually fail."

    It has to do with the way it calculates the number of repeated characters - which is a major deduction in the algorithm. Consider a password like "EIDIDIFY" from the beginning of the article.

    There are 2 Ds and 3 Is in the password, for a total of 5 repeated characters. Deduction for 5 repeated characters is n*n-1 or 5*4 or 20. However, because the algorithm bug to count this determines the number by looking through the string starting at the first character and looks at each character in turn to find matches. Then looks at the next character in the string and parses again til the end, whenever there is more than 2 of any character, you get characters counted more than once. In this case the first I matches two other Is in the string. Then when you get to the second I (in pass 4), it matches the last I also. The result is the algorithm thinks there are 3 I's, 2 D's, and then another 2 I's, for a total of 7 repeated characters. 7*6=42 which is a huge deduction. If there was a third D as well, the algorithm would find 10 repeated characters for a deduction of 90. That explains why a STRONG password can turn into a WEAK password by making it longer.
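The counting behaviour David describes, next to a count that looks at each repeated character once, as an added example that is not part of the original thread and is not passwordmeter.com's code. The function names are hypothetical, matching is assumed to be case-sensitive, and the two longer passwords are constructed variants of the one in the comment.

```javascript
// Added example: models the counting described in the comment above.
// It is not passwordmeter.com's source; all function names are hypothetical.

// Count as the comment describes: for each position, scan the rest of the
// string for the same character; on any match, add the character itself
// plus its matches. Later occurrences are scanned again, so a character
// that appears three or more times is counted more than once.
function repeatCountAsDescribed(pw) {
  let count = 0;
  for (let a = 0; a < pw.length; a++) {
    let matches = 0;
    for (let b = a + 1; b < pw.length; b++) {
      if (pw[a] === pw[b]) matches++;
    }
    if (matches > 0) count += matches + 1;
  }
  return count;
}

// Count every occurrence of a repeated character exactly once.
function repeatCountOnce(pw) {
  const tally = new Map();
  for (const ch of pw) tally.set(ch, (tally.get(ch) || 0) + 1);
  let count = 0;
  for (const n of tally.values()) {
    if (n > 1) count += n;
  }
  return count;
}

// Deduction formula quoted in the comment: n * (n - 1).
function deduction(n) {
  return n * (n - 1);
}

// Both counts and both deductions for one password.
function compare(pw) {
  const described = repeatCountAsDescribed(pw);
  const once = repeatCountOnce(pw);
  return {
    pw,
    described,
    once,
    deductionDescribed: deduction(described),
    deductionOnce: deduction(once),
  };
}

// "EIDIDIFY" is the password from the comment; the longer two are constructed.
for (const pw of ["EIDIDIFY", "EIDIDIFYD", "EIDIDIFYDI"]) {
  console.log(compare(pw));
}
```

With k occurrences of one character, the described scan adds k + (k - 1) + ... + 2, so each extra repeat widens the gap between the two deductions.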

  11. João Brito
    February 24, 2010 at 9:57 am

    My system for passwords works like this: I created ONE huge password with TWENTY characters, and I remember this one easily. For things that aren't that important, I use the first six chars. For things that are somewhat important, I use the first ten chars. And for things that are really really important I use the whole 20 chars password. So far, so good.
    But I liked the suggestion of using the three first letters of each service after the password, it will make my six chars password a little stronger.

  12. Buffet
    February 23, 2010 at 1:45 am

    "Test" your password? - like I'm gonna fall for that! Please.

    • Michael
      February 27, 2010 at 9:06 am

      Hi Buffet
      “Test” your password? – like I’m gonna fall for that! Please
      Other people seem to have missed this point.
      I love your comment of only 10 words.
      Like love, it changes everything.

  13. Parand
    February 22, 2010 at 8:45 pm

    It's easy to create strong passwords that you can also remember:

    http://parand.com/say/index.php/2006/03/09/choosing-a-good-password/

    In short:

    Think of a sentence you won’t forget. Here’s one:

    I hate thinking of passwords, it’s such a hassle.

    If you really can’t think of one, pick up the closest book to you, turn to a random page, and select a random sentence.

    Now, create the password as the first letter of each word in the sentence:

    Ihtop,isah

    There you go. That is a password that is hard to crack, but easy to remember. Because you just remember the sentence.

  14. Dave
    February 22, 2010 at 11:15 am

    I've tried all these schemes and they don't work for me. I have one simple password I use for all sites that do not require financial information.

    For more critical sites, I have a complicated password that is impossible for anyone but me to know.

    But even this system breaks down because many sites now have incompatible rules. Like "no special characters allowed but you have to mix upper/lowercase and numbers." or case insensitive but must include a symbol.

    Best idea I ever heard for dealing with systems admins who like to set up schemes forcing you to have new passwords every week is to use your existing password, then just add a number to the end of it. So that could be P@ssword1, P@ssword2, etc.

    Symbols for letters drives me crazy. Was it P@ssw0rd or P@ssword? I can never remember to do it consistently.

    Reverse spelling? Are you crazy? It took me 3 years to learn to type "stunodniknud" as the admin password at one clever company. My brain does not work that way but after typing it hundreds of times, I now understand that DunkinDonuts is Stu Nod Nik Nud spelled backwards.

  15. Pascal
    February 22, 2010 at 8:03 am

    It is risky to type the password with SHIFT lock turned on because it will not work if you have to use a different keyboard type, when travelling for example.

  16. Lisa
    February 22, 2010 at 7:40 am

    I use Charlatan's approach and use Keepass and Dropbox. I can generate way better passwords than I could ever think up for the 100+ passwords I have and only have to remember one. I change my Keepass password every few months to a 15+ randomly generated one that I just make myself flat out memorize.

    Tina, I get what you're saying, but keep in mind that not only is Keepass open source (you can verify what the developers are doing), but the entire database is encrypted, meaning that without the password, the information inside is just a bunch of random stuff. The Keepass folks actually recommend that not only do you use a super strong password for your database, but you also use an encrypted keyfile, like a special file on your flash drive. This significantly ups your security, as not only do you have to know something (super strong password), but you have to actually have something (keyfile on a flashdrive) to open the database.

    As far as syncing with Dropbox, I believe all of your files are encrypted before being synced. If you were super worried, you could always store your Keepass database in a TrueCrypt file.

    Keepass FTW! :)

  17. Tony
    February 22, 2010 at 6:36 am

    These tips are very useful. Password Meter and PasswordBird are some great tools to come up with strong passwords. They can be kind of combined, that is, first you go to passwordbird.com and get a strong password. Then you can go to passwordmeter.com to check the password you got from passwordbird is safe or not.

  18. mwafi
    February 22, 2010 at 3:35 am

    thanks very useful

  19. AndreG
    February 22, 2010 at 3:24 am

    One trick that I have taught, is to augment the base password with the name of the site that it's being used for so you get the following fl1r7Gma1l... but for added security I place a character between the fl1r7 and the gma1l, usually an '@' or '!' or even 'n', the 'n' works well for e99nch1p5 (egg n chips) Simple!!

  20. XabiK
    February 22, 2010 at 12:08 am

    Very good advice, but I've got another one: use 1Password (if you own a Mac and/or an iPhone/iPod Touch); it makes password using easier!

  21. sabat
    February 21, 2010 at 8:17 pm

    This is a fine article, but a couple of the suggestions won't help much against password cracking programs -- in particular, mixing upper and lowercase letters does practically nothing in defense of a password crack, and neither does replacing letters with numbers ("7" for "L", etc.). The cracking software is smart these days, and knows about those tricks. The basic idea here, though, will absolutely work: create a seemingly random series of characters, the longer the better.

  22. Charlatan
    February 21, 2010 at 7:05 pm

    My personal preference is to use KeePass, a free, open source password manager, in conjunction with a basic account at Dropbox, which gives me 2GB of free storage. KeePass generates extremely secure, unique passwords for everything I need to log into. No remembering multiple base passwords and variations for different sites, I just keep track of a single master password. Dropbox lets me store a portable installation of KeePass online, accessible from anywhere with an internet connection, and keeps my password database synchronized. So, even if I'm not at home, all of my passwords are still at my fingertips.

    • Tina
      February 22, 2010 at 2:11 am

      Thanks for sharing your approach, Charlatan.

      Doesn't it feel a little uncomfortable, that a single password gives access to all your other passwords and accounts? And then to store the information online...

      I'm sure doing it your way is much, much better than an easy to remember (dictionary) password. But even if in theory it was safe, I wouldn't feel very comfortable with doing it this way.

      Using a password safe, however, is a great alternative for people worried about losing or rather forgetting their passwords.

      • pevinsghost
        February 22, 2010 at 5:54 am

        I personally use a password safe on my PDA, that way I have all my passwords on me but don't have to remember them all and they are not being stored in a place accessible to anyone else. I happen to also have a safety deposit box too, so I keep a backup list there. Then if my device is lost or stolen I can use my backup list to get into all my accounts to change the passwords, and since it has all the sites listed it would act as a checklist to make sure I didn't miss any too.

      • Charlatan
        February 22, 2010 at 9:17 am

        Tina, no, I don't find it uncomfortable. As Lisa said, even if somebody got into my Dropbox account, the actual passwords are stored in a heavily encrypted database file. Not having to deal with multiple base passwords and all kinds of variations means it's much easier to make my master password that much more secure. I can, of course, let KeePass also generate my master password with enough length and entropy that I wouldn't have to worry about even the NSA figuring it out (might be a slight exaggeration for all practical intents and purposes, but still).

  23. tully
    February 21, 2010 at 6:24 pm

    Not true, the human brain is very good at remembering passwords. Dictionary attacks are always first step, and using dictionary words greatly increases the chances it will be hacked. I read that 40% of encryption can be cracked due to weak passwords.

    You may have 30+ different accounts, but classify them, forums etc with one password, and banks and other personal stuff separate passwords.

  24. Shree
    February 21, 2010 at 6:05 pm

    Yes, I understand the importance of a UnHackable password.
    But IMHO...

    The above and many other suggestions will come at a price, Brain generally get fuzzy around 7th or 8th Character, In order to fool the Hackers, and making it a tough job (If not impossible), Aren't you setting yourself up for Social engineering hackers.

    The more complex your password is, and the more frequent you change it, A higher tendency to WRITE it down, under the keyboard, In the Diary, and with creative mind we come up with a number of places to hide these passwords, With multitude of systems, on average most have about 15+ system passwords, To me that is close to 30+.

    I have no answer, but in an eternal quest of how to balance the 15 AlphaNumericSpecialcharAndSymbol password (and add changing it every 2 Weeks) with not forced to write it under the keyboard.

    • pevinsghost
      February 22, 2010 at 5:46 am

      There are plenty of articles released lately that say you're making an error, that keeping passwords written down is not a huge security hole that many in the IT sector believe it to be. The reason being that through familiarity of doing it people are better at physical security than at info sec. Granted taking that written password and putting it under your keyboard is pretty stupid, if you were to keep it in your wallet it becomes pretty safe. Or do you get your wallet stolen and have to freeze your bank accounts and replace your credit cards every few days?

      • Tina
        February 22, 2010 at 5:58 am

        Very good point.

        Also, if you prefer to write down your password, you have the choice to write it down in a way that doesn't immediately reveal it's a password. For example, a credit card PIN can be hidden in a contact phone number or a password list could contain a dozen random character passwords, of which only every second or third is an actual password you're using etc.

        The point is to be creative because creativity is not predictable.

        • Kay
          March 27, 2017 at 8:45 am

          Tina, I have a question about my old hacked email address. I was told I could not have my email address back because it no longer existed, but I was still receiving emails from the hacked email address (along with my old contacts unfortunately). How is this possible? It was an email address I made in high school, which I stupidly had passwords & pictures saved to and rarely used. I changed my passwords, but I've always hoped there was a way I could get my pictures and contacts back from my old email address. I know this is an old post, you can email me if it is more convenient. Thank you!