How to create strong passwords I can actually remember?


I’ve always tried to keep my passwords reasonably strong but still something I could remember when I didn’t have access to a password manager. With all of the “reset your password immediately” warnings lately due to data breaches, that is becoming harder and harder for me. Does anyone have tips for creating passwords that are reasonably strong that can still be remembered?

Topic: Security
Answer this Question


3 total
Vote Up (4)

There are two methods I use that might be of help to you. The first one is that I create a pattern on the keyboard. This is particularly effective for me, as a visual learner. For example, I might use “the mountain and the valley” - zse4rfvbnm. Look at your keyboard and follow the letters and you can see why I called it that. FYI, I don’t actually use that one, but just made it up to give a simple example. 


The second method, and one used by many people, is to pick a line from a song, movie, whatever and use the first letter of each word. Pick a letter or two that you can remember to replace with a number (example “L” = “1” or “B” = “8”).

Vote Up (3)

How To Create and Remember Strong Passwords

"One of the best ways to protect your online security is to have strong passwords that you change periodically. But that’s easier said than done. Coming up with hard-to-guess passwords is hard enough, but it’s even harder to have separate passwords for different sites and to remember new ones after you change them.

One way to create a password that’s hard to guess but easy to remember is to make up a phrase. You could type in the entire phrase (some sites let you use spaces, others don’t) or you can use the initials of each word in the phrase, for instance, “IgfLESi#85″ for “I graduated from Lincoln Elementary School in ’85″ with a # symbol to add more security. An even better one would be “Mn1bfihswE&S” for “My number 1 best friends in high school were Eric and Steve.” You get the idea–upper case numbers, letters, and symbols that are seemingly meaningless to everyone but you. Microsoft has an excellent primer on passwords and a password strength checker."

Vote Up (3)

I use keepass (and yes, there is an android version) for my pw management. One tip I have: if a site requires a "security" question, generate the answer with keepass and store it in the notes section of that entry. Security questions are pretty stinking insecure.

Ask a question

Join Now or Sign In to ask a question.
Today's hotels are unfortunately vulnerable to types of attempted fraud. Here's how to keep data safe when you travel.
U.S. Senator Patrick Leahy has introduced a new version of a bill to rein in the National Security Agency's bulk collection of U.S. phone records in an effort to strengthen legislation that passed the House of Representatives this year.
The IT infrastructure of the National Research Council of Canada was recently compromised by highly sophisticated Chinese state-sponsored hackers, the Canadian government said Tuesday.
The majority of Android devices currently in use contain a vulnerability that allows malware to completely hijack installed apps and their data or even the entire device.
U.S. and EU privacy and consumer groups called on privacy regulators to stop Facebook's plans to gather the Internet browsing patterns of its users while they visit other sites.
A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.
Questions abound over sites authenticating users via identities established through social networks, Yahoo Ponemon Institute survey shows.
Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.
Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.
Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.
Join us: