13 Ways to Make Up Passwords That Are Secure and Memorable

Dan Helyer Updated 20-02-2020

Using a different password for every service is a requirement in today’s online world. But there’s a terrible weakness to randomly generated passwords: they’re impossible to remember. The human brain is only capable of so much, isn’t it?

Here are some priceless tips for coming up with creative and secure password ideas that are impossible to guess, but easy to remember.

How to Make Up a Secure and Memorable Password

No article about passwords is complete without a list of all the ways to make sure your passwords are secure. Whatever passwords you create with this guide, make sure they:

  • Are at least 10 characters long
  • Don’t contain words found in the dictionary
  • Have a variation of upper and lower case letters
  • Include at least one number (123) and one special character (!@£)
  • Don’t contain information easily connected to you, such as your birthday, phone number, spouse’s name, pet’s name, or home address

All those requirements may seem like a lot to wrap your head around, but you can create a secure password with three simple steps:

  1. Find a memorable base password
  2. Transform your password so it doesn’t use dictionary words
  3. Add symbols and numbers to your transformed password

Following those steps, you can vary your base password for each service you use so it’s always different. We’ll explain exactly how to do it below.

Find a Memorable Base Password

The first thing to do is find a base password that’s easy for you to remember but hard for other people to guess. You can use real words in your base password, but make sure you follow our advice to transform it later.

Here are some creative ideas for memorable base passwords. Try to choose one that lets you incorporate the service name as well, so it’s different for every account.

1. Choose Random Words From the Dictionary

This might be the best way to make up a secure base password because random words are harder for other people to guess. Open a dictionary at different pages and combine the first few words that catch your eye.

If you don’t have a paper dictionary, you could use the Word of the Day or any trending words from Dictionary.com.

I combined three trending words to come up with this password:

EmbossmentSidedNitrogen

I can vary it by substituting one of the words with the service I’m signing in to:

EmbossmentSidedFacebook
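
The word-picking step above, as an added example that is not part of the original article: words that "catch your eye" are not chosen uniformly, so this sketch draws them with Python's `secrets` module and works out how much guessing space the result has. The 32-word list is constructed for illustration and the function names are assumptions; the last lines show that the word swapped for the service name adds nothing an outsider has to guess.

```python
import math
import secrets

# Constructed 32-word sample list (assumption, for illustration only).
# A practical list is far larger, e.g. 7,776 words for a five-dice list.
WORDS = [
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
    "ivory", "jigsaw", "kettle", "lantern", "meadow", "nectar", "orbit", "pepper",
    "quartz", "ribbon", "saddle", "thistle", "umber", "velvet", "walnut", "xenon",
    "yonder", "zephyr", "bramble", "cinder", "driftwood", "flannel", "gravel", "hammock",
]


def pick_words(n, words=WORDS):
    """Draw n words uniformly and independently using the OS CSPRNG."""
    return [secrets.choice(words) for _ in range(n)]


def camel(words):
    """Join words the way the article writes them: EmbossmentSidedNitrogen."""
    return "".join(w.capitalize() for w in words)


def per_service(base_words, service, slot=-1):
    """Swap one word for the service name, as in EmbossmentSidedFacebook."""
    varied = list(base_words)
    varied[slot] = service
    return camel(varied)


def entropy_bits(n_random_words, list_size):
    """Bits of entropy of n words drawn uniformly from a list of list_size."""
    return n_random_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    base = pick_words(3)
    print("base password:      ", camel(base))
    print("varied for Facebook:", per_service(base, "Facebook"))
    # All three words are secret in the base password ...
    print("3 words, 32-word list:   %.1f bits" % entropy_bits(3, len(WORDS)))
    # ... but the service name is public, so only two words remain unknown.
    print("after the service swap:  %.1f bits" % entropy_bits(2, len(WORDS)))
    print("3 words, 7776-word list: %.1f bits" % entropy_bits(3, 7776))
    print("words for 64 bits (7776-word list):", words_needed(64, 7776))
```

The entropy figures hold only when every word is drawn at random; words picked by eye from a page or a trending list carry less.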

2. Think of a Line From a Song

Use a line from a song or poem you like. But try to choose something that’s obscure and not too well known. It’s probably a bad idea to use the latest Taylor Swift chorus, for example.

Similarly, you could pick a line from a nursery rhyme or a well-known saying.

Here’s a line from a song I like:

ItsAPicturePerfectEvening

If I was making up a creative password for Instagram, I could use:

ItsAPicturePerfectInstagram

3. Use a Line From Your Favorite Book

Again, don’t make this a famous line. Instead, pick up your favorite book and open a random page, then choose any line or phrase from that page. If you like, you can highlight this line and dog-ear that page, making it easy to find again in the future.

You could even add the page or line number to your password as well.

I opened my book to page 67 and chose the phrase:

WhenHeRealizesHesLeftAWatch67

Adding a service name in there, it becomes:

WhenHeRealizesHesLeftANetflix67

4. Describe Something Around You

Most of us are always at our computer desk when we need to remember different passwords. For that reason, you might find it helpful to describe something around you and use that description as your base password instead.

Describe your desktop wallpaper, the view out the window, objects in the room, or pictures you have on the wall. But make sure the description is unique and unusual.

Here’s my description of a painting on my wall:

FancySuitFoxPinkFlower

Again, I can easily substitute any of the words for a different service I’m using:

FancySuitGooglePinkFlower

5. Create Your Own Phonetic Alphabet

The phonetic alphabet is a list of words you can use to refer to different letters when speaking over the phone or on the radio. It begins, Alpha, Bravo, Charlie for ABC.

Rather than using the standard phonetic alphabet, create your own alphabet using random words beginning with the same letters. Then use this alphabet to spell the first few letters of the service you’re creating a password for.

This means you can have a totally different base password for every account. All you need to do is memorize your phonetic alphabet.

Here’s my own alphabet for the first three letters of Facebook:

FireAerosmithChocolate

Transform Your Password

By now, you should have created a memorable base password that you can vary for different services you sign in to. It’s time to make your password more secure by transforming the common words you used so they aren’t standard dictionary words.

Here are some creative ideas for how to transform your password.

6. Play Around With the Vowels

You could remove the vowels from your base password, but that’s a little obvious. Instead, why not remove every other vowel, move vowels to the end of the word, or replace every a with an e?

Here’s my original base password:

FireAerosmithChocolate

Now I’ll move all the vowels to the end of each word to transform it:

FrieRsmthaeoiChcltooae

7. Shorten Each Word

If you have a particularly long base password, you could remove the first three letters from each word. Other creative ideas include removing every other letter, removing all but the first and last letters, or only using the first letter from each word in your password.

Using the same base password as before:

FireAerosmithChocolate

I can remove the first three letters from each word to create:

EOsmithColate

8. Reverse Your Base Password

This is a simple way to transform your password so it doesn’t use words found in the dictionary. You could choose to reverse each word or reverse only one of them. However, you might want to combine this with another transformation method to make sure your password isn’t too simple.

Reversing the same base password I used before gives us:

etalocohChtimsoreAeriF

9. Zipper Different Words Together

Use alternating letters from each of the different words in your base password to zipper them together. This is a genius idea for creating truly unintelligible passwords that are still easy to remember. Or at least, easy to work out.

It’s easiest to use this trick if you only use a few words in your base password. Type the first letter from each word, then the second letter, then the third, and so on until you’re out of letters.

The words making up my base password are:

Fire Aerosmith Chocolate

Which I can zipper together to create:

FACiehrroeoc

Add Numbers and Symbols

Your password isn’t complete until you add numbers and special characters to it as well. This final step takes it from relatively secure to practically unbreakable, although you will notice that our example passwords get much more difficult to read as a result, which is just another one of many reasons to use a password manager instead.

Here are the most creative ideas for adding numbers and symbols to your passwords.

10. Memorize a Random Sequence

The simplest way to add numbers and special characters to your passwords is to memorize a random string of them that you use in every password. You could add this string to the end, but it’s best to weave it throughout your password instead.

Here’s an example of some random numbers and special characters:

4$5%6^

And here’s one of the transformed passwords we created:

etalocohChtimsoreAeriF

Now, this is what happens when you put them together:

4etal$ocohC5htims%oreA6eriF^

Nobody’s gonna guess that!

11. Count Something

A memorable way to keep varying the numbers you use in your passwords is to count up the vowels or consonants that appear in the name of the service. You could then input each of those numbers at different places in your password.

For example, my transformed password for Facebook:

etalocohChtimsoreAeriF

Let’s add the number of vowels in Facebook to the beginning and the number of consonants to the end, making:

4etalocohChtimsoreAeriF4

12. Use Motor Patterns

Keyboard motor patterns for passwords

Motor patterns are not about remembering actual symbols or numbers. Rather, you create a pattern to follow based on where your fingers are on the keyboard. This is a great way to add symbols to your passwords, although it doesn’t work very well for mobile devices.

Instead of typing the first letter of each word, enter the number directly above it and the first symbol to the right on that row. This is just an example; you should create your own system for adding numbers and symbols instead.

Using those rules, my transformed password becomes:

3[talocohC6:timsoreA3[riF

13. Substitute Letters for Numbers and Symbols

There are lots of obvious ways to substitute letters with different numbers or special characters. Try to avoid the common substitutions and create your own instead. That way it’s harder for people—or computers—to work out the pattern.

Avoid common substitutions like these:

  • a = @
  • i = !
  • o = 0
  • s = $

Instead, create truly unique substitutions like these:

  • a = ^
  • i = [
  • o = %
  • s = &

I could use those same substitutions with my last transformed password to make:

et^l%c%hCht[m&%re^er[F

This would be even stronger if I didn’t substitute the same letters every time.
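
The checklist from the start of the article, written as a check and combined with this tip's list of common substitutions (an added example, not code from the article): before the dictionary test it swaps @, !, 0 and $ back to a, i, o and s, which is why those swaps do not hide a word. The mini word list, the sample passwords other than the article's own, and the function names are constructed for illustration.

```python
# Symbol -> letter for the substitutions the article lists as common.
COMMON_SUBS = {"@": "a", "!": "i", "0": "o", "$": "s"}

# Constructed mini word list (assumption): a real check would load a full
# dictionary and a list of known-breached passwords instead.
DICTIONARY = {"password", "chocolate", "nitrogen", "flower", "evening", "fire"}


def undo_common_subs(text):
    """Lower-case the text and reverse the common symbol-for-letter swaps."""
    return "".join(COMMON_SUBS.get(ch, ch) for ch in text.lower())


def failed_rules(password, personal=(), dictionary=DICTIONARY):
    """Return the names of the article's checklist rules the password fails.

    personal: strings tied to the user (birthday, pet's name, ...), supplied
    by the caller; an empty result means every rule passed.
    """
    failures = []
    if len(password) < 10:
        failures.append("length")
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    if not (has_upper and has_lower):
        failures.append("mixed-case")
    if not any(c.isdigit() for c in password):
        failures.append("number")
    if not any(not c.isalnum() for c in password):
        failures.append("special")
    # Dictionary test runs on the de-substituted form, so "P@$$w0rd"
    # is treated exactly like "password".
    plain = undo_common_subs(password)
    if any(word in plain for word in dictionary):
        failures.append("dictionary")
    lowered = password.lower()
    if any(tok.lower() in lowered for tok in personal if tok):
        failures.append("personal")
    return failures


if __name__ == "__main__":
    samples = [
        ("EmbossmentSidedNitrogen", ()),           # base password from tip 1
        ("P@$$w0rd2020", ()),                      # constructed: common swaps only
        ("4etal$ocohC5htims%oreA6eriF^", ()),      # finished password from tip 10
        ("Rex2014!Rex2014!", ("Rex", "2014")),     # constructed: pet name and year
    ]
    for pw, personal in samples:
        print(pw, "->", failed_rules(pw, personal) or "passes every rule")
```

Passing this checklist says nothing about how the password was chosen, so it complements the randomness of the base password rather than replacing it.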

A Password Manager Is Still the Best Option

Now you know how to make up memorable passwords that are different for every service. Although these creative ideas help make your passwords secure, they still aren’t as secure as a truly random password could be. But for that, you’d need to use a password manager.

There are plenty of great password managers on the market. Although it may seem counter-intuitive to keep all your passwords in one place, a good manager is usually far more secure than trying to remember all the different passwords yourself.

  1. Kilroy
    March 3, 2020 at 1:35 pm

    The 90s called and they want their password advice back. If you aren't using a password manager at this point, you're wrong. If you can remember your password it isn't strong enough.

    Testing your password proves nothing. The majority of the password strength tests compute the maximum possible passwords using the characters and length of the supplied password and then figure how much processing power is required to brute force a password guessing one character at a time. That's not how passwords are cracked these days. Search for AWS password cracking for more information.

    Humans are terrible at random, test yourself - https://www.expunctis.com/2019/03/07/Not-so-random.html

    Don't stop at passwords. Your "secret questions" should also be garbage. Like my first car was a wFjFeMqcycNyuiWIDEmIwHhnf (Have to leave out numbers and symbols)

  2. Amber
    October 23, 2017 at 2:38 pm

    Under the "Use Motor Patterns" section, there is a Q on the keyboard where a D should be.

  3. John
    October 26, 2016 at 10:11 am

    If you use a base password for all your credentials and simply append the service name, it would be easy for someone to spot this and extract the base password. Given that it is common to use your primary email address as your login to most sites, a hacker would have a) your user id, b) your base password and c) the name of the site you are logging into. They simply have to try all common sites with your credentials. To be less likely that someone can spot you're using a base password, your base password would need to morph too.

    I also agree with some previous comments, don't validate your password on a password validation site, you're giving your password away for free!

  4. New comment
    July 18, 2016 at 5:14 pm

    Creating a strong password

    To keep your account safe, here are a few tips on how to create a strong password:
    Use a unique password for each of your important accounts
    Use a different password for each of your important accounts, like your email and online banking accounts. Re-using passwords is risky. If someone figures out your password for one account, that person could potentially gain access to your email, address, and even your money.
    Use a mix of letters, numbers, and symbols in your password
    Using numbers, symbols and a mix of upper and lower case letters in your password makes it harder for someone to guess your password. For example, an eight-character password with numbers, symbols and mixed-case letters is harder to guess because it has 30,000 times as many possible combinations as an eight-character password with only lower case letters.
    Don’t use personal information or common words as a password
    Create a unique password that's unrelated to your personal information and uses a combination of letters, numbers, and symbols. For example, you can select a random word or phrase and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as "sPo0kyh@ll0w3En"). Don’t use simple words or phrases like "password" or "letmein," keyboard patterns such as "qwerty" or "qazwsx," or sequential patterns such as "abcd1234" which make your password easier to guess.
    Make sure your backup password options are up-to-date and secure
    Make sure to regularly update your recovery email address so that you can receive emails in case you need to reset your password. You can also add a phone number to receive password reset codes via text message.
    Many websites will also give you the option of answering a security question if you forget your password. If you can create your own question, try to come up with a question that has an answer only you would know. The answer shouldn't be something that someone can guess by scanning information you've posted online on blogs or social networking profiles. If you have to choose a question from a list of options, such as the city where you were born, try to find a way to make your answer unique by using some of the tips above. That way even if someone guesses the answer, they won't know how to enter it correctly.
    Keep your passwords secure
    Don't leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. If you decide to save your passwords in a file on your computer, create a unique name for the file so people don't know what's inside. Avoid giving the file an obvious name, such as "my passwords." If you have a difficult time remembering multiple passwords, a trusted password manager may be a good solution. Spend a few minutes checking out the reviews and reputations of these services.

    Add an extra layer of security
    Once you’ve created a password, you can add an extra layer of security by enabling 2-Step Verification. 2-Step Verification requires you to have access to your phone, as well as your username and password, when you sign in to your Google Account. This means that if someone steals or guesses your password, they still can't sign in to your account because they don't have your phone. Now you can protect yourself with something you know (your password) and something you have (your phone).

  5. anonymous
    December 2, 2015 at 1:33 pm

    do not ever enter the password in password validation sites.
    you have no clue if your password will be stored and used for cracking.

  6. Anonymous
    November 4, 2015 at 8:22 am

    I tried my new passphrase and it will take sextillion years to be cracked. I don't even know how long that will take. Awesome!

  7. Hannah
    December 28, 2014 at 1:19 pm

    Hey I typed in how to make creative passwords but the web will only pop up non-creative ones and it makes me so mad

  8. Ann Shea
    April 19, 2013 at 2:15 pm

    Some good ideas. I try to use the same passwords for sites I visit often but it's a pain when I have to reset one of them. I also like to use a cloud based document like Google Docs, Gmail contacts, or Evernote to store info, so I can access it anywhere, but you have to not forget the password to log into THOSE sites. Having a password reset tied to your phone for SMS messages is a great service now offered by smart sites.

    Another idea is to take a regular word and substitute numbers for some of the vowels. In this instance the word VOWEL might become V0W31... You use numbers that look like the vowel, so O is 0; E is 3, and L is 1.

    When I saw the note about using a real book to generate some base words for passwords, I thought what a great idea it would be to use a book's blank end pages or inside cover to write down key passwords. No one would look there...kind of like the old hide your jewelry inside tupperware in the fridge. LOL.

  9. Selva Kumar
    April 19, 2013 at 4:47 am

    wow really nice and useful .. Thanks Yaara Lancet

  10. Trovolve
    April 18, 2013 at 5:52 pm

    i used to have these kind of passwords, until i came to live in France.

  11. cosanova
    April 18, 2013 at 3:55 pm

    By the way, I turned the wifi off and changed the password a bit when checking it, the site seems to just use Javascript to make the math but you never know...

  12. cosanova
    April 18, 2013 at 3:53 pm

    My system gives me a password of 10 vigintillion years, I think that is around (4 x 10^37) times stronger than 255 septillion years.

  13. Manuth Chek
    April 18, 2013 at 12:28 pm

    What about the order of Dvorak keyboard layout (and not QWERTY)?

  14. cosanova
    April 18, 2013 at 11:33 am

    Mix different languages in the password at the same time you switch letters with numbers. Dictionary attacks normally are based in English, maybe in some other major language. Random phrases ("I like peanuts while shaving my feet") in mixed languages are impossible to guess, let alone with the number trick. And these are easy to remember -unless you are monolingual...

  15. Dave Otee
    April 18, 2013 at 4:28 am

    to keep it simple.....my vote is with all those that said LastPass. That one saves my butt every time. I do the best I can to remember most of mine (says me), only to learn that the more i think I know, the less I actually do. Great article also. Thanks for all the suggestions, they are great ideas.

  16. OLUWOLE O
    April 16, 2013 at 1:32 pm

    This tip is quite useful for me as i have many online properties that i log on to (both for me and on behalf of others). Well written piece

  17. julien c
    April 14, 2013 at 1:42 am

    lastpass is a very good program. Make sure you have a secure master password

  18. Graham Richardson
    April 12, 2013 at 6:45 pm

    As well as the really annoying restrictions some sites put on passwords there are a few which require regular changes. I have at least 5 at work, 3 needing to be changed every 4 weeks and two every 6 months. I have a fairly simple system of a set password (random letters) and then a number which goes up 1 each 4 weeks. I then change all the others at the same time so they use the same number. I just need to have the number written down (away from the PC). Even then it's annoying that each service has its own rules - with two not allowing the use of any non alphanumeric characters which is really annoying!

  19. Patrick
    April 12, 2013 at 6:26 pm

    Interesting, if complex, ways to create somewhat memorable passwords. Unfortunately, as Ars Technica pointed out a while back, all these "clever" password methods are now well known to serious hackers. Check out their explanation:
    http://arstechnica.com/security/2012/08/passwords-under-assault/

    • Yaara Lancet
      April 13, 2013 at 1:30 pm

      Thanks, Patrick, interesting read!

    • Charlie O.
      April 17, 2013 at 12:18 am

      Wow. That's an eye-opener. I used to think having my full name as my gmail address was cool. Now I think, if they have my name and email, can't they get my location and then phone number? How strong would 2 factor be then?

      I realize that just HAVING my phone number doesn't mean they can use my phone, or receive texts, but when I read the ARS-T article, it suddenly seems that even completely random PWs can be brute forced, and length of phrase now seems like just a race against time. Cell phones are safe, but the computers that run them are only as safe as the tech those companies can buy.

      Recently, I learned on NPR that the Chinese have an actual brigade in the military devoted to hacking. I think I like the rule, "Don't put anything online that you don't want EVERYONE to know."

  20. Manide
    April 12, 2013 at 5:32 pm

    Using Lastpass is more productive than creating passwords by yourself IMHO. Also, two-factor authentication when it's possible.

  21. Chinmay Sarupria
    April 12, 2013 at 2:19 pm

    These passwords are also hard to remember. The only thing that can be done is generate mixed strong passwords and then store them in LastPass.

  22. macwitty
    April 12, 2013 at 1:50 pm

    I have given up when it comes to having passwords that I will remember myself. Have tried different methods but there are too many sites that require passwords for me to remember them. Worst it is with those I have not used very often. Today I have three really strong passwords that I can remember - the rest is in 1Password. The three I remember are a combination of misspelled words, numbers and space

  23. Darrell Walery
    April 12, 2013 at 12:06 pm

    These are great tips but pretty complicated. Here is a post I did that gives you some simpler ways to create secure passwords. Perhaps not as secure as something that would not be cracked in 425 Quintilion years, but really, do you need that?
    Some are similar but a bit simpler.

    • dragonmouth
      April 12, 2013 at 1:54 pm

      "Here is a post I did that gives you some simpler ways to create secure passwords."

      Simpler ways lead to simpler, less secure password. Input the sample passwords provided by the site you mention into PasswordMeter.com's analyzer. You will find that First Letters of a Phrase and Random Word methods lead to very weak passwords.

      "Perhaps not as secure as something that would not be cracked in 425 Quintilion years, but really, do you need that?"

      That depends on how much you value the information you are trying to protect, and/or whether you mind your PC being used as a zombie. Do you mind someone unauthorized using your WiFi?

  24. Helen
    April 12, 2013 at 10:55 am

    I thought I had a system down for passwords and then discovered that keyboards on smart phones do not match keyboards on my PC and I now have all kinds of headaches when I need to put a password into my iPhone. (One I made up on my PC at home)

    • Scott M
      April 12, 2013 at 11:02 am

      That happened to myself as well. Drove me crazy for a while. I had to redo quite a few passwords.

  25. Scott M
    April 12, 2013 at 10:38 am

    I use sticky password.I find it the best.

  26. Kuriakopoulos Marios
    April 12, 2013 at 9:34 am

    really interesting article!! thank you.
    i had never thought of using the service name in the end of the password.
    You made me think of redesigning all my passwords!

  27. techguyknows
    April 12, 2013 at 8:31 am

    HowSecureIsMyPassword can be inaccurate at times. A simple word can take a long time to crack?

    • Yaara Lancet
      April 12, 2013 at 11:37 am

      Which word did you use? For most simple words I tried it returned either "instantly" or several hours. The most I got was several days for very long words.

      • dragonmouth
        April 12, 2013 at 1:40 pm

        ROTFLMO!!! HowSecureIsMyPassword is a JOKE. It puts more value on QUANTITY of characters in a password than on their QUALITY. I put in the 26 letters of the English alphabet, in order, lower case into their "analyzer". I was told that it would take 430 quintillion years to crack it. Both you and I know that even an incompetent hacker can crack that password in seconds.

        PasswordMeter.com and TestYourPassword.com provide a more stringent analysis of the security of a prospective password.

        On the surface your tips seem great but they all exhibit a pattern. Once a hacker determines a pattern, his/her job becomes easier by orders of magnitude. If you really want to be secure you need to generate random characters passwords using a password generator, such as PassGen or PasswordChart.com, and then using a password manager.

        However, the Achilles heel of LastPass, KeePass and other password managers is that if their password is compromised, all others in the vault are available to the nogoodnik.

        • Yaara Lancet
          April 13, 2013 at 1:28 pm

          Thanks for the feedback, dragonmouth. Right to the point, as usual. :)

  28. suneo nobi
    April 12, 2013 at 6:31 am

    Agreed, but an application like KeePass would streamline the process a little as well as protect from the keyloggers with additional entropy...

    • Yaara Lancet
      April 12, 2013 at 11:35 am

      Very true. Password managers are great, as I mention in the first paragraph of this article... :)

  29. Nevzat A
    April 12, 2013 at 5:56 am

    Great suggestions, Yaara, many thanks for the article.

  30. Kirby
    April 12, 2013 at 5:55 am

    I usually choose a password related to the site / service I'm using so it would be easier to remember.

  31. Bogdan Chirita
    April 12, 2013 at 5:37 am

    good article. one of my passwords takes 125 million years to break, according to HowSecureIsMyPassword.

    • Sam
      April 12, 2013 at 8:29 am

      And now, HowSecureIsMyPassword knows your password, too :)))

      • Chris Marcoe
        April 13, 2013 at 5:31 pm

        Change a single letter in it and they don't. Change a few #s and they won't know it. They are just looking to see what the digit is, like, capital/lower case/number/symbol. It doesn't matter what the value is.

  32. Chris
    April 12, 2013 at 5:25 am

    A vote for Lastpass from me. 80 sites all with different randomly generated passwords.

    Another point of view to the whole invent-your-own: http://xkcd.com/936/

    The more complicated I have to make the password, the more likely I am to write it down.

    Also, if you run a website that allows account creation, please stop restricting me. My bank allows a max of 16 characters. An MMO I play allows me to use a 21 character password of my choice. According to all the password strength checkers I've tried, the MMO is orders of magnitude more secure. There's literally no reason for length restrictions since the password should be stored as a hash.

    • Yaara Lancet
      April 12, 2013 at 11:35 am

      That's a good xkcd, thanks for sharing that. :)

      As for password managers, I use one myself, as I mentioned in the first paragraph of this post. The post is for those who want to avoid that or just want passwords they can also remember.

  33. Shaun Campbell
    April 12, 2013 at 4:35 am

    ...or just use Lastpass.

    • Yaara Lancet
      April 12, 2013 at 11:33 am

      Yeah... that's covered in the intro paragraph. :)

  34. Pooja
    April 12, 2013 at 1:51 am

    Interesting post... but in some cases sites don't allow special chars. then what can be done in that case?

    • Yaara Lancet
      April 12, 2013 at 11:31 am

      Just don't use special characters in those. Although I believe most websites allow characters such as @#$% in passwords.