The important advice we constantly see online is “Make sure to use a strong password”. Here’s how to create a strong password and, more importantly, how to actually remember it.
Using a password manager helps here, as it can create strong passwords and remember them for you. But, even if you use a password manager, you’ll at least need to create and remember a strong password for your password manager.
So do you know how to create a good password? And how can you remember more than one of them? Here are some tips and tricks to maintain individual strong passwords for all of your online accounts.
What Is a Strong Password?
The best password is one that’s hard to crack and easy to remember. Nevertheless, some of the most commonly used passwords are ridiculously easy to guess, such as “password” or “123456”. Don’t let passwords like these give you ideas! Create a strong password instead.
Even if you do have a complex password, using one and the same password for all of your online accounts is dangerous. Imagine a hacker cracked that one password. To be safe, you should create a unique and difficult-to-crack password for all of your accounts.
How to Create It?
Since you’ll always have to remember at least one password, we’ll go over how to manually create a safe password first. Further down, we’ll also show you how to use a tool that can create almost uncrackable passwords and remember them for you.
What Are the Features of a Safe Password?
Each password should have the following features:
- Containing special characters and numbers
- Having at least 10 characters
- Containing a mix of lowercase and uppercase letters
- Not being found in a dictionary
- Being unguessable based on user information, like birthdate, postal code, or phone number.
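The criteria above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function name, the sample wordlist, and the three-character minimum for personal-information fragments are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "technology", "sunshine", "welcome"}

def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the criteria from the list above that the password fails."""
    failures = []
    if len(password) < 10:
        failures.append("fewer than 10 characters")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        failures.append("no mix of lowercase and uppercase")
    lowered = password.lower()
    if lowered in words:
        failures.append("found in dictionary")
    for item in personal_info:
        # Assumption: fragments shorter than 3 characters are too common to flag.
        if len(item) >= 3 and item.lower() in lowered:
            failures.append("contains personal information")
            break
    return failures
```

An empty list means the password passes all five checks; the personal-information check is only as good as the list of birthdates, postal codes, and phone numbers you pass in.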
Tips to Remember Your Password
Even if you use a password manager, you’ll have to at least remember the master password for that tool. Now how do you do that, while still following all of the criteria above? You start with something you can easily remember, a base password. Then you apply logical rules to alter your base password into something almost unrecognizable.
1. Create an Easy-to-Remember Base Password
Your base password could be based on a phrase, the name of a place, or a name and phone number. Now you can use several techniques to create a good base password that you will not forget. Here are some suggestions:
- Randomly replace letters with numbers
- Pick a sentence and reduce it to the first letter of each word only (e.g. “Do to others what you want them to do to you” becomes Dtowywttdty)
- Take a word and reverse spell it (e.g. technology becomes ygolonhcet)
The examples above are not particularly safe. While you won’t find any of the resulting base passwords in a dictionary, they still fail other characteristics of a safe password.
So make sure your initial word or phrase is sufficiently long (minimum 10 characters) and combines all of the principles above to introduce numbers, special characters, and upper and lower case spelling. That’s when you’ll have a safe base password.
The base password I’m going to use here is the Golden Rule phrase with title case spelling, numbers, and special characters: D20wYWT7D2Y!(^_^)
Note that my base password meets all of the above criteria. It cannot be found in a dictionary, it contains special characters, a mix of upper and lower case letters, it is 17 characters long, and you cannot guess it based on my personal information.
2. Make Individual Passwords for Every Account
Once you have a strong base password, you can use it to create individual passwords for each of your online accounts. Simply add the first three letters of the service, e.g. D20wYWT7D2Y!(^_^)GMa for your GMail account or D20wYWT7D2Y!(^_^)eBa for eBay.
We highly recommend that you use truly unique and safe passwords for all your accounts. And that’s why you need a password manager.
3. Use Flexible Rules for Your Password
A computer may calculate and recognize patterns a lot quicker than the human brain. But one thing humans are still better at is being creative. That is your great advantage over hacking tools.
As you see, in my password I replaced some letters with numbers or special characters. However, I didn’t use a rigid set of rules. I replaced the t with a 2 or a 7. Using fixed rules for replacing characters, e.g. always replacing an a with the @ symbol, will weaken your password.
Here are some ideas for how you can make it even harder for a hacker to crack your password:
- Don’t use common substitutions (e.g. @ for A or a)
- When you have recurring letters within your password, mix your substitutions (e.g. 8 or ( for B or b)
- Pick a word and touch type it with your fingers shifted over by one key (e.g. “wrong” becomes etpmh)
- Pick a pattern on your keyboard and type it with alternating use of the Shift key (e.g. Xdr%6tfCvgz/)
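Why a fixed substitution rule adds little: a strength checker can reverse the well-known replacements before its dictionary lookup. The Python sketch below is an added example, not part of the original article; the substitution table and the sample wordlist are assumptions constructed for illustration.

```python
from itertools import product

# Assumed table of well-known substitutions (symbol -> letters it often replaces).
COMMON_SUBS = {"@": "a", "4": "a", "3": "e", "1": "il", "!": "i",
               "0": "o", "$": "s", "5": "s", "7": "t"}

# Constructed sample wordlist; a real checker would load a full dictionary.
SAMPLE_WORDS = ("password", "technology", "sunshine", "welcome")

def undo_substitutions(password):
    """Yield every lowercase reading with the common substitutions reversed."""
    # Each position contributes one option, or several when a symbol is ambiguous.
    options = [COMMON_SUBS.get(ch, ch) for ch in password.lower()]
    for combo in product(*options):
        yield "".join(combo)

def hidden_word(password, words=SAMPLE_WORDS):
    """Return the dictionary word hiding behind common substitutions, or None."""
    for reading in undo_substitutions(password):
        for word in words:
            if word in reading:
                return word
    return None
```

A password that returns a word here is effectively a dictionary word with decoration, however many symbols it contains.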
Update Passwords Regularly
This is the most difficult part. In order to maintain safety with a strong password, you have to update your password every few weeks or months. The more often, the better. You can do this in several different ways. Here are some ideas that will keep it simple.
1. Change Only Your Base Password
- Change the special character substitutions you’re using.
- Reverse use of upper and lower case letters.
- Type the password with Shift lock turned on.
2. Change the Entire Password
- Change how you identify the account you’re using (e.g. use the last three rather than the first three letters. So GMa would become ail and eBa would become Bay).
- Change the position of the letters identifying the account (e.g. put them to the front or in the middle of your base password).
- Add the date of when you last changed the password at the back and mark it in your calendar.
In other words, use your human advantage. You can be creative and think out of the box. And use a password manager to reduce the number of passwords you have to change manually.
Use a Password Manager
Now that you created a secure base password, use it as the master password for your password manager. You can also use it whenever you have to create a password on the spot, while not having access to your password manager. For everything else, use the best password manager for your needs to create and store your ultra-safe and unique passwords.
The password manager can also tell you how difficult and hence secure your passwords are. You could even use it to test the difficulty of your base password.
LastPass is a cross-platform password manager that’s free to use. If you don’t like LastPass, check out Google Password Manager instead. LastPass comes with a feature called Generate Secure Password.
Note that online password managers are vulnerable to hacking. Following a series of security scares in early 2017, we even recommended that readers temporarily stop using LastPass. Once you have started using a password manager, you’ll find that it can do a lot more than just create and store passwords.
Test your password
If you use a password manager, it will test your password in real time, in the safety of your own computer. The sites How Secure Is My Password?, How Big Is Your Password? and How Strong Is Your Password? test if your password is long enough. But they won’t warn you about common guessable phrases, like Bible verses.
Of course, typing your passwords into unfamiliar sites is a bad habit. These sites are safe, as they are all publicly run by trusted developers who promise that your entered text never leaves your computer. Still, to be safe, just use these sites to get the gist before you make your real password.
Just remember that it’s not all about password strength. For example, if you re-use the password at multiple locations, it may be leaked and people may use that leaked password to access your other accounts.
Using unique passwords for every site or service, avoiding phishing sites, and keeping your computer safe from password-capturing malware are also important. Yes, you should choose a strong password. But you need to do more than that. Using stronger passwords will not keep you secure from all the threats out there, but it is a good first step.
We showed you how to create a safe and easy-to-remember password. We also explained why password managers help you increase the security of your accounts. Now it’s up to you to put that knowledge into action. How do you generate strong passwords? Have you ever had an account hacked because the password was weak?
Also, you can take a look at our guide on how to tell if a website stores passwords as plaintext and what you should do.