The best password is one that's hard to crack and easy to remember. Nevertheless, some of the most commonly used passwords are ridiculously easy to guess, such as "password" or "123456". Such passwords could make you a victim of password spraying and other types of hacking. Don't use them! Create a strong password instead.

Even if you do have a complex password, using one and the same password for all of your online accounts is dangerous. Imagine a hacker cracked that one password. To be safe, you should create a unique and difficult-to-crack password for all of your accounts.

So do you know how to create a good password? And how can you remember more than one of them? Here are some tips and tricks to maintain individual strong passwords for all of your online accounts.

How to Create a Strong Password

Since you'll always have to remember at least one password, we'll go over how to manually create a safe password first. Further down, we'll also show you how to use a tool that can create almost uncrackable passwords and remember them for you.

The Characteristics of a Safe Password

Each password should meet the following criteria:

  • You can't find the password in a dictionary
  • It contains special characters and numbers
  • It contains a mix of uppercase and lowercase letters
  • It contains at least 10 characters
  • It can't be easily guessed based on user information, such as a birthdate, postal code, or phone number

Note that some accounts won't allow you to use special characters. In that case, you should increase the length and make the password as abstract as possible. Likewise, if the password length is limited to 6 or 8 characters, make sure you cover as many of the other points as possible.

How to Remember Your Password

Even if you use a password manager, you'll have to at least remember master password for that tool. Now how do you do that, while still following all of the criteria above? You start with something you can easily remember, a base password. Then you apply logical rules to alter your base password into something almost unrecognizable.

Create an Easy-to-Remember Base Password

Your base password could be based on a phrase, the name of a place, or a name and phone number. Now you can use several techniques to create a good base password that you will not forget. Here are some suggestions:

  • Randomly replace letters with numbers (e.g. MakeUseOf becomes Mak3Us30f)
  • Pick a sentence and reduce it to first letters of each word only (e.g. the Golden Rule "Do to others what you want them to do to you" becomes Dtowywttdty)
  • Take a word and reverse spell it (e.g. technology becomes ygolonhcet)

The examples above are not particularly safe. While you won't find any of the resulting base passwords in a dictionary, they are still failing other characteristics of a safe password.

how to create a strong password you won't forget

So make sure your initial word or phrase is sufficiently long (minimum 10 characters) and combines all of the principles above to introduce numbers, special characters, and upper and lower case spelling. That's when you'll have a safe base password.

The base password I'm going to use for here is the Golden Rule phrase with title case spelling, numbers, and special characters: D20wYWT7D2Y!(^_^)

Note that my base password meets all of the above criteria. It cannot be found in a dictionary, it contains special characters, a mix of upper and lower case letters, it is 17 characters long, and you cannot guess it based on my personal information.

Use Flexible Rules for Your Password

A computer may calculate and recognize patterns a lot quicker than the human brain. But one thing humans are still better at is being creative. That is your great advantage over hacking tools!

how to create a strong password you won't forget

As you see, in my password I replaced some letters with numbers or special characters. However, I didn't use a stiff set of rules. I replaced the t with a 2 or a 7. Using rules for replacing characters, i.e. always replacing an a with the @ symbol will weaken your password.

Here are some ideas how you can make it even harder for a hacker to crack your password:

  • Don't use common substitutions (e.g. @ for A or a)
  • When you have recurring letters within your password, mix your substitutions (e.g. 8 or ( for B or b)
  • Have a word and touch type it with your fingers in the etpmh ("wrong" shifted over) location
  • Pick a pattern on your keyboard and type it with alternating use of the Shift key (e.g. Xdr%6tfCvgz/)

Create Individual Passwords for Every Account

Once you have a strong base password, you can use it to create individual passwords for each of your online accounts. Simply add the first three letters of the service, e.g. D20wYWT7D2Y!(^_^)GMa for your GMail account or D20wYWT7D2Y!(^_^)eBa for eBay.

Note that while this kind of password is hard to crack on its own, it is easy to understand. Should your customized base password ever get leaked, you would have to change all passwords based on it, before someone figures out your system.

We highly recommend that you use truly unique and safe passwords for all your accounts. And that's why you need a password manager. This is extremely important for keeping your online bank accounts secure as well.

Use a Password Manager

Now that you created a secure base password, use it as the master password for your password manager. You can also use it whenever you have to create a password on the spot, while not having access to your password manager. For everything else, use the best password manager for your needs to create and store your ultra-safe and unique passwords. (Here are a few types of password managers you can pick from.)

The password manager can also tell you how difficult and hence secure your passwords are. You could even use it to test the difficulty of your base password.

I use LastPass, which is a cross-platform password manager that's free to use. LastPass comes with a feature called Generate Secure Password. Note how in the screenshot below, there is a full green bar underneath the password? This means it's a strong password. A too short and/or too simple password would give you a much shorter red- or orange-colored bar.

how to create a strong password you won't forget

If you don't like LastPass, check out Google Password Manager or the quirky RememBear password manager instead.

Note that online password managers are vulnerable to hacking. Following a series of security scares in early 2017, we even recommended that you temporarily stop using LastPass. Consequently, we have also compiled some alternative password managers here.

Once you have started using a password manager, you'll find that it can do a lot more than just create and store passwords. And check out these ways to organize your password manager.

Update Passwords Regularly

This is the toughest part. To maintain safety with a strong password, you have to update your password every few weeks or months. The more often, the better. You can do this in several different ways. Here are some ideas that will keep it simple.

Change Only Your Base Password

  • Change the special character substitutions you're using.
  • Reverse use of upper and lower case letters.
  • Type the password with Shift lock turned on.

Change the Entire Password

  • Change how you identify the account you're using (e.g. use the last three rather than the first three letters, so GMa would become ail and eBa would become Bay)
  • Change the position of the letters identifying the account (e.g. put them to the front or in the middle of your base password)
  • Add the date of when you last changed the password at the back and mark it in your calendar

In other words, use your human advantage: be creative and think out of the box. And use a password manager to reduce the number of passwords you have to change manually.

Strong Passwords Everywhere

We showed you how to create a safe and easy-to-remember password. We also explained why password managers help you increase the security of your accounts. Now it's up to you to put that knowledge into action. How do you generate strong passwords? Did you use an online password generator? Have you ever had an account hacked because the password was weak?

Also, take a look at our guides on credential dumping and protecting yourself along with how to tell if a website stores passwords as plaintext and what you should do.