How To Create Strong Passwords That You Can Remember Easily


Creating strong passwords for all your online accounts is not a thing you should do. It is a thing you must do. Two months ago, my Google account was hacked into. The hackers changed my password and blocked my access to the account. Luckily, I discovered this early and got Google to change my password via my secondary email account.

Last week, the MakeUseOf Google account was also hacked into and the hacker had the audacity to transfer the MakeUseOf domain out and blackmail the owner. In case you are still thinking that your password is strong and safe, maybe it’s time to wake up.

What makes a strong password?

I shall not elaborate on this since many sites have already discussed this in great detail. In a nutshell, a strong password must meet the following requirements:

  • It needs to contain special characters such as @#$%^&
  • It must be at least 8 characters long.
  • It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
  • It needs a mix of uppercase and lowercase letters.

In my opinion, even if your password consists of the above, it is still not enough. Your password needs to be totally unique and different for each and every one of your online accounts. This is to make sure that in the event that one account is hacked into, your other accounts will not be affected.

You must be wondering how you are going to remember so many passwords when you have a problem remembering your existing one. Here are the steps that I have used, and they are very powerful:

1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. It must be at least 8 characters long. I call this the salt term. For demonstration purposes, I will use my name Damien Oh as the salt term throughout this article. Note that the capital letters and the space in between the name are part of the salt term. For your own account, please select a salt term that is difficult for others to guess.


2. I used the following rules to replace the regular characters with special characters. You can form your own rule.

  • Replace all the ‘a’ with @
  • Replace all the ‘s’ with $
  • Replace any space with %
  • Replace any ‘o’ with 0
  • Replace any ‘i’ with !

In this case, the simple term Damien Oh becomes D@m!en%Oh.

3. Now go to [NO LONGER WORKS] Password Meter (see MakeUseOf review here) and test the strength of your salt term. This is the result of the above term. If your salt term is not strong enough, you will see a list of items that you can improve on.


4. Once you are happy with your salt term and are sure that only you can decipher it, go to any of your online accounts now. To set a password for that account, append the name of the site, or the URL of the site to the end of your salt term.

For example, for a MakeUseOf account, I will use D@m!en%OhM@keU$e0f as my password and use D@m!en%OhG00glem@!l for my Gmail account. If you do this for each and every one of your sites, you will be surprised to find that you have just created tens, hundreds, or even thousands of different passwords that you can remember easily.

Instead of the site name or the URL, you can also use a variation of the site name or any other name that is related to the site.
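A self-audit for passwords built with steps 1 to 4, as an added example that is not part of the original article: it undoes the step-2 replacements and reports how much of a password is left once the site name and terms an outsider could know (such as your own name) are taken out. The function names, parameters and the last sample password are hypothetical; "Googlemail" as the site name is an assumption read off the article's Gmail password.

```python
# Added example, not from the article: a self-audit for passwords built with
# the salt-term scheme. Function and parameter names are hypothetical.

# Inverse of the replacement rules listed in step 2.
UNDO = str.maketrans({"@": "a", "$": "s", "%": " ", "0": "o", "!": "i"})


def normalize(text: str) -> str:
    """Undo the step-2 substitutions and fold case."""
    return text.translate(UNDO).lower()


def audit(password: str, site_names: list[str], known_terms: list[str]) -> dict:
    """Report which guessable terms a password contains and what is left over.

    site_names  -- names of the site the password is for
    known_terms -- things an outsider could learn about you (name, login)
    """
    remainder = normalize(password)
    found = []
    # Longest terms first so a short term cannot break up a longer match.
    for term in sorted(site_names + known_terms, key=len, reverse=True):
        needle = normalize(term)
        if needle and needle in remainder:
            found.append(term)
            remainder = remainder.replace(needle, "")
    return {
        "found": found,
        "unexplained_chars": len(remainder),
        "verdict": "predictable" if not remainder else "has unexplained part",
    }


if __name__ == "__main__":
    # First two passwords are the article's own examples; the last is constructed.
    cases = [
        ("D@m!en%OhM@keU$e0f", ["MakeUseOf"], ["Damien Oh"]),
        ("D@m!en%OhG00glem@!l", ["Googlemail"], ["Damien Oh"]),
        ("tR7#kq9Lw2xZ", ["MakeUseOf"], ["Damien Oh"]),
    ]
    for pw, sites, terms in cases:
        print(pw, audit(pw, sites, terms))
```

A result of zero unexplained characters means the whole password follows from the site name plus a term other people may know, so the salt term is the only secret and should not be a name, login or date tied to you.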

Is that enough?

That is only the beginning. To really make it secure and hard for others to guess, you will need to change your password every few months. Some of you may find it a chore to come up with new passwords every month. Here is what you can do:

Instead of appending the site name to the end, you can now append it to the front, insert it in the middle or even split the site name into a few parts. For example:

  • M@keD@m!enU$e0h0f
  • M@keU$eD@m!en%0h

You can also change the replacement characters, for example swapping @ for ~. You can also do a complete changeover of your salt term to come up with a totally different password.


Generating and using a strong password is only your first line of defense against hackers. The most important thing that you should take note of is your internet browsing habits. When you are using a public terminal, make sure that it has the proper firewall and anti-virus installed, make sure your network is secure, log out when you are done with your session and clear the cache once you are done.

What other methods do you use to generate your passwords?

Comments (32)
  • Marcus Fridholm

    All such replacement systems as described here are at the very bottom rung of cryptography. When it comes to computers l33t or variants are utterly useless as password enhancers. Better to stick in a random special character in a random place: A construct like “pas=sworD” is inherently stronger in real life than “p4$$w0rd”.

    Even if the replacements in a l33t scheme are totally randomly chosen (like using ? instead of s), it is trivial to run all variants in a computer in fractions of fractions of seconds; if of course the scheme holds true throughout the password. It is also hard to remember for you, the creator.

    Actually a password like “D@m!en%OhG00glem@!l” is rather easy to guess for a computer, even with a 90-bit entropy, if the salt “Damien Oh” can be guessed and is added to the rainbow table. A rainbow table is the table of words and phrases to try separately and in combos. At the very top of such a table are names, domains, mail addresses, common words, common places, statistically common passwords and so on.

    The problem then becomes the salt. If the salt can be guessed, you can replace all you want and it makes no difference whatsoever.

    So what is the solution?

    It would actually be harder (for a computer) to guess a series of plain text seemingly unrelated random words.
    Take the phrase: “strategymentreplacel33tfalsesafetylikeseltinnotsalT”.
    Not only has it about 250 bits of entropy, it’s also associative but without stuff that can be researched by researching the person behind the password.
    Even the shorter “egystratmentreplacel33T!=true” has ~150 bits of entropy, is rather tongue in cheek and therefore easy to remember – for the creator that is.

    Computers are not people (yet), and what looks hard for us is trivial for a computer, while what looks easy for us can be hard for someone without associative skills.

    I recommend reading that describes the problem in a fun way.
    I recommend visiting to make your own.
    I recommend using to get a feel for the entropy of your chosen password.
    I strongly recommend using Google Authenticator where you can, and I recommend LastPass, that can save all your passwords securely. Combine the two to make LastPass your true armored safe for passwords.

  • 44

    Plz tell me one password i can keep that my friends.i m 18 years.

  • 44

    I am angry of my password my name. Is u cant prouns it
    my father is fish

  • Keith Davis

    I don’t know if I can remember my password, but testing it on the meter gave me 100% so I’ll settle for that.

    Brilliant and very useful post… with all the WordPress hacking, it’s just what I needed.

  • Marc

    I use visual “snake” patterns on my keyboard. For example, the password hy65tgfr4 may be hard to remember, but type it and notice the pattern. I usually complicate the password by using shift on some keys, also using a pattern. E.g.: CdE3$rFvBgT5.

    This way you need to remember only three things: the starting location of your password (can use for example the first letter of the site name), the direction of the “snake” and the shifting pattern.
