How To Create Strong Passwords That You Can Remember Easily


Creating strong passwords for all your online accounts is not a thing you should do. It is a thing you must do. Two months ago, my Google account was hacked into. The hackers changed my password and blocked my access to the account. Luckily, I discovered this early and got Google to change my password via my secondary email account.

Last week, the MakeUseOf Google account was also hacked into and the hacker had the audacity to transfer the MakeUseOf domain out and blackmail the owner. In case you are still thinking that your password is strong and safe, maybe it’s time to wake up.

What makes a strong password?

I shall not elaborate on this since many sites have already discussed this in great detail. In a nutshell, a strong password must meet the following requirements:

  • It needs to contain special characters such as @#$%^&
  • It must be at least 8 characters long.
  • It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
  • It must mix capital and small letters.

In my opinion, even if your password consists of the above, it is still not enough. Your password needs to be totally unique and different for each and every one of your online accounts. This is to make sure that in the event that one account is hacked into, your other accounts will not be affected.

You must be wondering how you are going to remember so many passwords when you have a problem remembering your existing one. Here are the steps that I have used, and they are very powerful:


1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. It must be at least 8 characters long. I call this the salt term. For demonstration purposes, I will use my name Damien Oh as the salt term throughout this article. Note that the capital letters and the space in between the name are part of the salt term. For your own account, please select a salt term that is difficult for others to guess.

2. I used the following rules to replace the regular characters with special characters. You can form your own rule.

  • Replace all the ‘a’ with @
  • Replace all the ‘s’ with $
  • Replace any space with %
  • Replace any ‘o’ with 0
  • Replace any ‘i’ with !

In this case, the simple term Damien Oh becomes D@m!en%Oh.

3. Now go to [NO LONGER WORKS] Password Meter (see MakeUseOf review here) and test the strength of your salt term. This is the result of the above term. If your salt term is not strong enough, you will see a list of items that you can improve on.

[Screenshot: Password Meter result for the salt term]

4. Once you are happy with your salt term and are sure that only you can decipher it, go to any of your online accounts now. To set a password for that account, append the name of the site, or the URL of the site to the end of your salt term.

For example, for a MakeUseOf account, I will use D@m!en%OhM@keU$e0f as my password and use D@m!en%OhG00glem@!l for my Gmail account. If you do this for each and every one of your sites, you will be surprised to find that you have just created tens, hundreds, or even thousands of different passwords that you can remember easily.

Instead of the site name or the URL, you can also use a variation of the site name or any other name that is related to the site.
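
A local check of passwords built with steps 1 to 4, as an added example that is not part of the original article: it reverses the step-2 rules the way strength checkers normalise such substitutions, and measures what two site passwords share. The function names and the site base names (including "Googlemail", inferred from G00glem@!l) are assumptions.

```python
from difflib import SequenceMatcher

# The article's step-2 rules, reversed (symbol -> letter it replaced).
UNDO_RULES = str.maketrans({"@": "a", "$": "s", "%": " ", "0": "o", "!": "i"})


def normalize(password):
    """Undo the step-2 substitutions and fold case, as strength checkers do."""
    return password.translate(UNDO_RULES).lower()


def shared_core(pw_a, pw_b):
    """Longest run of characters two site passwords share (the salt term)."""
    match = SequenceMatcher(None, pw_a, pw_b, autojunk=False).find_longest_match(
        0, len(pw_a), 0, len(pw_b))
    return pw_a[match.a:match.a + match.size]


def audit(pw, other_pw, site_names):
    """Report how much of `pw` is unknown to someone who has seen `other_pw`."""
    core = shared_core(pw, other_pw)
    site_part = pw.replace(core, "", 1)  # what is left once the salt term is removed
    known_sites = {name.lower() for name in site_names}
    return {
        "normalized": normalize(pw),
        "shared_core": core,
        "site_part": site_part,
        "site_part_is_site_name": normalize(site_part) in known_sites,
    }


if __name__ == "__main__":
    # The two passwords the article builds in step 4.
    makeuseof_pw = "D@m!en%OhM@keU$e0f"
    gmail_pw = "D@m!en%OhG00glem@!l"
    # Assumed base names for the site part (not given as a list in the article).
    sites = ["MakeUseOf", "Googlemail"]
    for pw, other in ((makeuseof_pw, gmail_pw), (gmail_pw, makeuseof_pw)):
        for key, value in audit(pw, other, sites).items():
            print(f"{key:24} {value!r}")
        print()
```

If `site_part_is_site_name` is true, everything outside the shared salt term is the site's own name, so the password's strength rests on the salt term alone.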

Is that enough?

That is only the beginning. To really make it secure and hard for others to guess, you will need to change your password every few months. Some of you may find it a chore to come up with new passwords every month. Here is what you can do:

Instead of appending the site name to the end, you can now append it to the front, in the middle or even split the site name into a few parts. For example:

  • M@keD@m!enU$e0h0f
  • M@keU$eD@m!en%0h

You can also change the replacement characters, for example swapping @ for ~. You can also do a complete changeover of your salt term to come up with a totally different password.


Generating and using a strong password is only your first line of defense against hackers. The most important thing that you should take note of is your internet browsing habits. When you are using a public terminal, make sure that it has the proper firewall and anti-virus installed, make sure your network is secure, log out when you are done with your session and clear the cache once you are done.

What other methods do you use to generate your passwords?


31 Comments


Mackenzie Morgan

1. Think of a sentence, phrase, title, lyric…at least 12 words long. Preferably 15 words or longer. “All around the mulberry bush the Monkey chased the Weasel. The Monkey thought it was all in fun.”
2. Take the first letter of each word, maintaining capitalization. AatmbtMctW.TMtiwaif
3. Change *some* of the letters to 1337 (but not all, otherwise you cut down your entropy again). And if it goes from letter to number in 1337 and is capital, still hit shift: A@7m13tMchW.&Mt|waif
4. Use that.



There are also a number of free programs to help you with this cause.
KeePass has a password generator, as do Roboform, PassPack, and Sxipper.

If you want a free solution that’s integrated directly into your browser, with one-click automatic logins, automatic backup and syncing of your passwords across multiple platforms, browsers, and locations — as well as lots of other features — you should also look at
We’re currently in public beta.

Damien Oh

I am not sure I want to have the password integrated directly into my browser since I have a family PC that is used by 6 people in the household. Since it can sync over multiple platforms, does it mean that it is stored online on your server? I am concerned about the security issue here.


I use RoboForm, and there’s a master password for each user. {Identities} So someone else unless they have your master password can’t look at your files.



My favorite trick is to move my fingers from the home row (i.e. asdf jkl;) on the keyboard to another row (either up or down). (e.g. If you want to type the string “makeuseof” replace it with “jqi37w39r”. Then push shift for half of it. now we get “JQI#7w39r”.)

Practice it in notepad a few times, and you’ve got a fast, easy, and very secure password.
You now have symbols, upper and lowercase letters, and numbers in your password. The best part: you can’t even tell a person your password if they give you truth serum! You don’t actually know your password, but rather how to type it! Secret agents would love this!

Great article!

Damien Oh

That’s a good way to generate a unique password. Does it work with a different keyboard layout? I know of some gaming keyboards that have a slightly different layout. Will it still work with your existing password?



Thanks for this. I have been trying to come up with a simple algorithm for some time. This served as the perfect starting point for me! Now the fun of converting all my accounts begins!



These tips are very helpful for beginners and advanced users as well; no one’s passwords are safe now.



“Replace all the ‘a’ with @” – I’m sure any proper password cracking tool is doing easy substitutions like that to the wordlists. Don’t use any word that is in a dictionary and do make up your own rules for 2.



Thanks for the post.

There’s this problem that I see with such a substituting algorithm: there are some websites that I’ve seen which have a taboo for a particular set of characters – say $, % and ~. In this case, you just can’t stick with your algorithm. And creating a for that site alone will make it difficult to remember. The browser’s password manager can be of help here.



Brilliant! Converting my accounts as well now.



I would only recommend such a practice for the sites that you really trust. If you use this scheme for a site that harvests passwords, it will be very simple for them to recognise the pattern.

I use random password combined with a password safe. Still a single point of failure, but I am at least sure that I never use the same password for different accounts…


Simon Slangen

I use serial numbers from random products I’ve got lying around ^^ (e.g. 0PL218KGA)


The Windows Fix

I actually just wrote about a password checking tool today. Password Meter sucks…I had an incredibly long password with #s, characters, upper and lower case letters, and still got a very weak response.



You can always use the Ultra High Security Password Generator at GRC…



My passwords are different for everything, but they’re all based on the same formula. That way all my passwords are around 20 characters long and they’re easy to remember.


Min Patty

I also use for easy to use daily human passwords.


Mark O’Neill

I just tried out this website – . It told me that my password would take 59,000 days to crack. Not sure if that is true or if it was just trying to make me feel better! :-)


Bob Smith

Just use KeePass. It’s free, it has a good PW generator, and it eliminates a lot of hassle. There’s even a Linux version.



Great tip, but I found that using a password keeper to generate a password is faster and more secure.



I hate it when a site won’t let you use special characters and I have to come up with a special weaker password for that site. Password managers and generators are cool, but if you use different computers with different OSes or you use a friend’s computer you may not have access to your random passwords.


F. Seidl

Consistently using simple substitution rules is almost like not using them at all. As was pointed out already, any serious crack attempt will run quickly through these simple rules.

With so many sites asking for passwords, one has to first consider whether or not to use the same password in multiple places; e.g., Should your Gmail account use the same password as your New York Times subscription? IMO, the answer is no. By using different passwords on different sites, you create natural security breach firewalls.

But, as soon as you start using different passwords, it quickly becomes impossible for you to remember all your passwords anyway, so making memorable passwords becomes not that important.

The approach I recommend is to keep a “black book” and create genuinely strong passwords. You may or may not elect to use a software password manager (if you do, use a secure one!) but it’s critical that you keep a physical record of each password. I do use a software password manager, but I also keep a physical record of all passwords in a little black book–literally.



People need to stop thinking about passWORDS and think of passPHRASES. “MyS0nis12.” My Son is 12. “B1llh@s@w3@kp@ssw0rd!” Bill has a weak password! “MyB0ssisAnidi0t!”



Strong passwords are defined in this blog


sorry, but the link doesn’t work.



PasswordMeter fails at my password. It grows stronger and stronger with each letter I type and suddenly falls to “Very Weak”.



Here is a password generator that creates a strong password that is easy to remember. It takes your easily remembered password and changes it into a strong password.



I use visual “snake” patterns on my keyboard. For example, the password hy65tgfr4 may be hard to remember, but type it and notice the pattern. I usually complicate the password by using shift on some keys, also using a pattern. E.g.: CdE3$rFvBgT5.

This way you need to remember only three things: the starting location of your password (can use for example the first letter of the site name), the direction of the “snake” and the shifting pattern.


Keith Davis

I don’t know if I can remember my password, but testing it on the meter gave me 100% so I’ll settle for that.

Brilliant and very useful post… with all the WordPress hacking, it’s just what I needed.



I am angry of my password my name. Is u cant prouns it
my father is fish



Plz tell me one password I can keep that my friends. I’m 18 years.
