Pinterest Stumbleupon Whatsapp

strong passwordPasswords can be a key to many things, for example your emails, your Facebook profile, or your bank account. Did you know that some people still use passwords like “password” or “123456”? Needless to say, it’s dangerous to use one and the same simple password for all of your online accounts. Imagine a hacker cracked that one password? To be safe, you should create unique and difficult to crack passwords.

So do you know how to create a good password? And how can you remember more than one of them? Here are some tips and tricks to maintain individual strong passwords for all of your online accounts.

Know The Characteristics Of A Safe Password

  • it cannot be found in a dictionary.
  • it contains special characters and numbers.
  • it contains a mix of upper and lower case letters.
  • it has a minimum length of 10 characters.
  • it cannot be guessed easily based on user information (birthdate, postal code, phone number etc.)

Create An Easy To Remember Base Password

You can use several techniques how to create a good password that you will not forget. Here are some suggestions.

  • Randomly replace letters with numbers, e.g. flirt becomes fl1r7.
  • Pick a sentence, i.e. your passphrase, and reduce it to first letters of each word only, e.g. “Everything I Do I Do It For You” becomes EIDIDIFY.
  • Take a word and reverse spell it, e.g. neighborhood becomes doohrobhgien.

These examples are not very safe. While none of the words can be found in a dictionary, they are still failing other characteristics of a safe password. Try to find a combination that allows you to incorporate all characteristics.

The base password I’m going to use for this password is “E1d_1D!4Y:)“.

Note that my base password meets all of the above criteria. It cannot be found in a dictionary, it contains special characters, a mix of upper and lower case letters, it is 11 characters long, and cannot be guessed based on my personal information (unless you suspect that I like Bryan Adams).

Be Creative & Think Out Of The Box!

A computer may calculate faster than you can recognize patterns a lot quicker than any human brain, but one thing it cannot do is be creative. That is your great advantage over hacker tools!

As you see, in my password I replaced some letters with numbers or special characters. However, I didn’t use a stiff set of rules. I replaced the “I” with a “1” or a “!”. Using rules for replacing characters, i.e. always replacing an “a” with the “@” symbol will weaken your password.

Here are some ideas how you can make it even harder for a hacker to crack your password:

  • Don’t use common substitutions, e.g. @ for A/a.
  • When you have recurring letters within your password, mix your substitutions, e.g. 8 or ( for B/b.
  • Have a word and touch type it with your fingers in the etpmh (wrong) location. Keep in mind that you may switch keyboard types.
  • Pick a pattern on your keyboard and type it with alternating use of the SHIFT key, e.g. Xdr%6tfCvgz/

Test Your Password

Do you want to make sure your password is indeed safe? [NO LONGER WORKS] The Password Meter will reveal details about the strengths and weaknesses of your password. However, if your password is too long, i.e. too safe, this test will actually fail.

how to create a good password

Create Individual Passwords For Every Account

Once you have a strong base password, you can use it to create individual passwords for each of your online accounts. Simply add the first three letters of the service, e.g. “E1d_1D!4Y:)GMa” for your GMail account or “E1d_1D!4Y:)eBa” for eBay.

Be Super Safe

To be super safe, you should have TWO base passwords. They will be used to keep important and not so important accounts separate. You would use one password for sites which hold personal information or credit card details, such PayPal or GMail. The second password would be used for forums and similar sites that would not be of great harm if hacked. However, the passwords should be equally strong.

Update Passwords Regularly

This is the toughest part. To maintain safety with a strong password, you have to update your password every few weeks or months. The more often, the better. You can do this in several different ways. Here are some ideas that will keep it simple.

Change your base password only:

  • Change the special character substitutions you’re using.
  • Reverse use of upper and lower case letters.
  • Type the password with SHIFT lock turned on.

Change entire password:

  • Change how you identify the account you’re using, e.g. use the last three rather than the first three letters (GMa would become ail or eBa would become Bay).
  • Change the position of the letters identifying the account, e.g. put them to the front or in the middle of your base password.
  • Add the date of when you last changed the password at the back and mark it in your calendar.

In other words, use your human advantage: be creative and think out of the box.

If you don’t feel safe with “easy to remember” passwords, you will enjoy Stefan’s article on 5 Free Password Generators For Nearly Unhackable Passwords 5 Free Password Generators For Nearly Unhackable Passwords 5 Free Password Generators For Nearly Unhackable Passwords Read More .

Do you have any additional tips on how to create a strong password?

Image credit: railking

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Mike
    February 5, 2017 at 1:47 am

    Find a saying you like (you will be typing it over and over) and can remember. Say in Latin Carpe Diem "seize the day", transliterate (depending on the language Greek transliterates well) or translate it to English, then take one of the words and either scramble the words (the 24 is seized says Pooish) or break it into syllables and reverse them or use made up words. Say Diem Ecarp. I mix in caps and sometimes numbers as well and maybe a space or two. I have a pattern I use which I won't share, but by following a pattern of changes that you devise, you can get a good password that is easier to remember. The longer the saying the better up to fifteen letters (again, you are going to be typing it a lot).

    • Tina Sieber
      February 5, 2017 at 9:09 am

      That's a good technique. Thank you for sharing, Mike!

  2. aging techy
    January 29, 2017 at 11:08 pm

    Where in the article did she deal with not forgetting part? Only a total techy could remember a password like that, and I work in IT, but I guess she didn't have in mind helping someone over 55. I guess that's coming from someone who grew up only having to remember five digit zip codes and 7 digit phone numbers. haha

    • Tina Sieber
      January 30, 2017 at 9:30 am

      Good point. We could add a link to one of the many digital password managers out there. Also, writing your passwords down is safer than using the same password for every account. After all, it's more likely to get hacked than for someone to break into your house *and* steal your passwords.

  3. Darcie L. Alcott
    November 30, 2016 at 3:24 pm

    Methods not as easy as I was led to believe...

    • Tina Sieber
      December 1, 2016 at 11:51 am

      Well, it's all relative. If you have trouble remembering good passwords (everyone does actually), I strongly recommend to use a password manager. This will help you manage unique and complex passwords for all your accounts. And then you only have to remember one strong password - the one for the password manager.

      I use LastPass, but there are other ones, like KeePass.

  4. mkm
    September 21, 2016 at 4:41 pm

    Smiley face aside, for E1d_1D!4Y:) you're seriously going to remember the _ randomly placed between two word letters (maybe using as a comma despite a comma not shown in the song lyric source listed) and the fact that the first I (letter i) is a 1 and the second I (letter i) is a !. Really?!?!?! One month from now when log back into your bank, you're going to get that in three tries before you get locked out for a period of time or are required to call customer service? I love these articles that recommend doing the nearly impossible; maybe more possible if you're 22, have a young fresh mind, and have 1 account that matters. Funny.

    • Tina Sieber
      September 27, 2016 at 11:09 am

      Alternatively, use a password manager. :)

  5. Sina
    August 29, 2016 at 8:47 pm

    I just use a long number for my base password and it is sometimes my birthday etc.
    However i change the base of the number to some larger base than 10. It has two benefits, first it's no longer guessable with my personal infrmation and second is that it makes it shorter!

    • Tina Sieber
      August 30, 2016 at 7:53 am

      That's clever, Sina.

      Hopefully, you're using a different base for every account with another clever system and some letters for good measure.

      Using the same password everywhere remains a risk. First, given enough time, even a complex password can be cracked. For an 8-digit numbers only password, that time is probably in the range of minutes, if not seconds. Second, if one of the services you use gets hacked and your password is revealed (happens all the time), all your other accounts become immediately vulnerable.

    March 1, 2010 at 10:05 pm

    earlier i used to use pw as 123456 or even 123456789.
    my frnd use qwertyuiop or zxcvbnm.
    but currently i hv 2 ytp of pw.or 3.
    for myspace its 7letters tgen 3 nos.
    fb,twitter etc. its 7+7=14 letters thats very big. Well its combo of 2 words. n i bliv dat its next 2 impossible to crack it.
    oh n the 3rd one is 7letters dats 2nd part of my earlier pw.

    another thing which every1 shud keep in mind. Always make it a point to hv ur pw in CAPITAL LETTERS if u find it difficult 2 rember mix of upper n lower case.
    i use caps. n dey say "hey ur caps lock is on".

  7. Montana
    February 28, 2010 at 5:59 am

    You know what, these banks & email hosts would be almost completely hacker-proof if they maybe did something where the password was encrypted with two layers of security -- one, SSL, the other, an encryption algorithm that uses IP addresses. With so many different IP addresses, and the ability to change them every now and then, it would be hard for hackers to decipher the password.

    • OklyDokly
      March 15, 2010 at 7:10 am

      So, I'm curious as to why more companies aren't going the route of OTP + password for companies are doing it, some banks are, but not all...

      Sure, you have the risk of losing your OTP generator, but without your password, that OTP generator is useless, and vice versa.

      The fact of the matter is this: Try and try as hard as you might, you will never be able to completely prevent/thwart social engineering. Yes, you can brute force or dictionary hack passwords in some cases, but the vast majority of security compromises occur through social engineering.

  8. jay
    February 27, 2010 at 9:20 am

    i use my dob as my pasword,easy to remember

  9. Versatile
    February 26, 2010 at 2:02 pm

    I currently use a great website called I use a yubikey to login for secure authentication, and all my passwords for all my online accounts are housed here.

    I use the random system to generate random and complex passwords for each and every single online account I have.

    When people ask me if I know my passwords, I literally say no I do not. In fact, if you asked me what my gmail password is off the top of my head, I honestly could not tell you because I have literally 0 passwords memorized except the main password I use to login to with yubikey as the second form of online protection.

    The website is never down based on my usage, and the passwords are encrypted. Sure, is similar site, but in general I think these are good solutions.

    • Anisa
      February 17, 2016 at 1:47 am

      You sure that it's not fake ?

  10. David
    February 26, 2010 at 11:41 am

    A comment on I am currently working on a website for a large government agency. As part of the registration process, it is necessary to choose a password. The decision was made to incorporate the password meter into the sign-on page. In the process of doing this, I discovered an enormous bug in the password strength algorithm - which is the root cause for

    "However, if your password is too long, i.e. too safe, this test will actually fail."

    It has to do with the way it calculates the number of repeated characters - which is a major deduction in the algorithm. Consider a password like "EIDIDIFY" from the beginning of the article.

    There are 2 Ds and 3 Is in the password, for a total of 5 repeated characters. Deduction for 5 repeated characters is n*n-1 or 5*4 or 20. However, because the algorithm bug to count this determines the number by looking through the string starting at the first character and looks at each character in turn to find matches. Then looks at the next character in the string and parses again til the end, whenever there is more than 2 of any character, you get characters counted more than once. In this case the first I matches two other Is in the string. Then when you get to the second I (in pass 4), it matches the last I also. The result is the algorithm thinks there are 3 I's, 2 D's, and then another 2 I's, for a total of 7 repeated characters. 7*6=42 which is a huge deduction. If there was a third D as well, the algorithm would find 10 repeated characters for a deduction of 90. That explains why a STRONG password can turn into a WEAK password by making it longer.

  11. João Brito
    February 24, 2010 at 9:57 am

    My system for passwords works like this: I created ONE huge password with TWENTY characters, and I remember this one easily. For things that aren't that important, I use the first six chars. For things that are somewhat important, I use the first ten chars. And for things that are really really important I use the whole 20 chars password. So far, so good.
    But I liked the suggestion of using the three first letters of each service after the password, it will make my six chars password a little stronger.

  12. Buffet
    February 23, 2010 at 1:45 am

    "Test" your password? - like I'm gonna fall for that! Please.

    • Michael
      February 27, 2010 at 9:06 am

      Hi Buffet
      “Test” your password? – like I’m gonna fall for that! Please
      Other people seem to have missed this point.
      I love your comment of only 10 words.
      Like love ,it changes everything.

  13. Parand
    February 22, 2010 at 8:45 pm

    It's easy to create strong passwords that you can also remember:

    In short:

    Think of a sentence you won’t forget. Here’s one:

    I hate thinking of passwords, it’s such a hassle.

    If you really can’t think of one, pick up the closest book to you, turn to a random page, and select a random sentence.

    Now, create the password as the first letter of each word in the sentence:


    There you go. That is a password that is hard to crack, but easy to remember. Because you just remember the sentence.

  14. Dave
    February 22, 2010 at 11:15 am

    I've tried all these schemes and they don't work for me. I have one simple password I use for all sites that do not require financial information.

    For more critical sites, I have a complicated password that is impossible for anyone but me to know.

    But even this system breaks down because many sites now have incompatible rules. Like "no special characters allowed but you have to mix upper/lowercase and numbers." or case insensitive but must include a symbol.

    Best idea I ever heard for dealing with systems admins who like to set up schemes forcing you to have new passwords every week is to use your existing password, then just add a number to the end of it. So that could be P@ssword1, P@ssword2, etc.

    symbols for letters drives me crazy. Was it P@ssw0rd or P@ssword? I can never remember to do it consistently.

    reverse spelling? Are you crazy? It took me 3 years to learn to type "stunodniknud" as the admin password at one clever company. My brain does not work that way but after typing it hundreds of times, I now understand that DunkinDonuts is Stu Nod Nik Nud spelled backwards.

  15. Pascal
    February 22, 2010 at 8:03 am

    This is risky to type the password with SHIFT lock turned on because it will not work if you have to use a different keyboard type, when travelling by example.

  16. Lisa
    February 22, 2010 at 7:40 am

    I use Charlatan's approach and use Keepass and Dropbox. I can generate way better passwords than I could ever think up for the 100+ passwords I have and only have to remember one. I change my Keepass password every few months to a 15+ randomly generated one that I just make myself flat out memorize.

    Tina, I get what you're saying, but keep in mind that not only is Keepass open source (you can verify what the developers are doing), but the entire database is encrypted, meaning that without the password, the information inside is just a bunch of random stuff. The Keepass folks actually recommend that not only do you use a super strong password for your database, but you also use an encrypted keyfile, like a special file on your flash drive. This significantly ups your security, as not only do you have to know something (super strong password), but you have to actually have something (keyfile on a flashdrive) to open the database.

    As far as syncing with Dropbox, I believe all of your files are encrypted before being synced. If you were super worried, you could always store your Keepass database in a TrueCrypt file.

    Keepass FTW! :)

  17. Tony
    February 22, 2010 at 6:36 am

    These tips are very useful. Password Meter and PasswordBird are some great tools to come up with strong passwords. They can be kind of combined, that is, first you go to and get a strong password. Then you can go to to check the password you got from passwordbird is safe or not.

  18. mwafi
    February 22, 2010 at 3:35 am

    thanks very useful

  19. AndreG
    February 22, 2010 at 3:24 am

    One trick that I have taught, is to augment the base password with the name of the site that its being used for so you get the following fl1r7Gma1l... but for added security I place a character between the fl1r7 and the gma1l, usually an '@' or '!' or even 'n', the 'n' works well for e99nch1p5 (egg n chips) Simple!!

  20. XabiK
    February 22, 2010 at 12:08 am

    Very good advices, but I've got another one: use 1Password (if you own a Mac and/or an iPhone/iPod Touch); it makes password using easier!

  21. sabat
    February 21, 2010 at 8:17 pm

    This is a fine article, but a couple of the suggestions won't help much against password cracking programs -- in particular, mixing upper and lowercase letters does practically nothing in defense of a password crack, and neither does replacing letters with numbers ("7" for "L", etc.). The cracking software is smart these days, and knows about those tricks. The basic idea here, though, will absolutely work: create a seemingly random series of characters, the longer the better.

  22. Charlatan
    February 21, 2010 at 7:05 pm

    My personal preference is to use KeePass, a free, open source password manager, in conjunction with a basic account at Dropbox, which gives me 2GB of free storage. KeePass generates extremely secure, unique passwords for everything I need to log into. No remembering multiple base passwords and variations for different sites, I just keep track of a single master password. Dropbox lets me store a portable installation of KeePass online, accessible from anywhere with an internet connection, and keeps my password database synchronized. So, even if I'm not at home, all of my passwords are still at my fingertips.

    • Tina
      February 22, 2010 at 2:11 am

      Thanks for sharing your approach, Charlatan.

      Doesn't it feel a little uncomfortable, that a single password gives access to all your other passwords and accounts? And then to store the information online...

      I'm sure doing it your way is much, much better than an easy to remember (dictionary) password. But even if in theory it was safe, I wouldn't feel very comfortable with doing it this way.

      Using a password safe, however, is a great alternative for people worried about losing or rather forgetting their passwords.

      • pevinsghost
        February 22, 2010 at 5:54 am

        I personally use a password safe on my PDA, that way I have all my passwords on me but don't have to remember them all and they are not being stored in a place accessible to anyone else. I happen to also have a safety deposit box too, so I keep a backup list there. Then if my device is lost or stolen I can use my backup list to get into all my accounts to change the passwords, and since it has all the sites listed it would act as a checklist to make sure I didn't miss any too.

      • Charlatan
        February 22, 2010 at 9:17 am

        Tina, no, I don't find it uncomfortable. As Lisa said, even if somebody got into my Dropbox account, the actual passwords are stored in a heavily encrypted database file. Not having to deal with multiple base passwords and all kinds of variations means it's much easier to make my master password that much more secure. I can, of course, let KeePass also generate my master password with enough length and entropy that I wouldn't have to worry about even the NSA figuring it out (might be a slight exaggeration for all practical intents and purposes, but still).

  23. tully
    February 21, 2010 at 6:24 pm

    Not true, the human brain is very good at remembering passwords. Dictionary attacks are always first step, and using dictionary words greatly increases the chances it will be hacked. I read that 40% of encryption can be cracked due to weak passwords.

    You may have 30+ different accounts, but classify them, forums etc with one password, and banks and other personal stuff seperate passwords.

  24. Shree
    February 21, 2010 at 6:05 pm

    Yes, I understand the importance of a UnHackable password.
    But IMHO...

    The above and many other suggestions will come at a price, Brain generally get fuzzy around 7th or 8th Character, In order to fool the Hackers, and making it a tough job (If not impossible), Aren't you setting yourself up for Social engineering hackers.

    The more complex your password is, and the more frequent you change it, A higher tendency to WRITE it down, under the keyboard, In the Diary, and with creative mind we come up with a number of places to hide these passwords, With multitude of systems, on average most have about 15+ system passwords, To me that is close to 30+.

    I have no answer, but in an eternal quest of how to balance the 15 AlphaNumericSpecialcharAndSymbol password (and add changing it every 2 Weeks) with not forced to write it under the keyboard.

    • pevinsghost
      February 22, 2010 at 5:46 am

      There are plenty of articles released lately that say you're making an error, that keeping passwords written down is not a huge security hole that many in the IT sector believe it to be. The reason being that through familiarity of doing it people are better at physical security than at info sec. Granted taking that written password and putting it under your keyboard is pretty stupid, if you were to keep it in your wallet it becomes pretty safe. Or do you get your wallet stolen and have to freeze your bank accounts and replace your credit cards every few days?

      • Tina
        February 22, 2010 at 5:58 am

        Very good point.

        Also, if you prefer to write down your password, you have the choice to write it down in a way that doesn't immediately reveal it's a password. For example, a credit card PIN can be hidden in a contact phone number or a password list could contain a dozen random character passwords, of which only every second or third is an actual password you're using etc.

        The point is to be creative because creativity is not predictable.

        • Kay
          March 27, 2017 at 8:45 am

          Tina, I have a question about my old hacked email address. I was told I could not have my email address back because it no longer existed, but I was still receiving emails from the hacked email address (along with my old contacts unfortunately). How is this possible? It was an email address I made in high school, which I stupidly had passwords & pictures saved to and rarely used. I changed my passwords, but I've always hoped there was a way I could get my pictures and contacts back from my old email address. I know this is an old post, you can email me if it is more convenient. Thank you!