How to create strong passwords I can actually remember?


I’ve always tried to keep my passwords reasonably strong but still something I could remember when I didn’t have access to a password manager. With all of the “reset your password immediately” warnings lately due to data breaches, that is becoming harder and harder for me. Does anyone have tips for creating passwords that are reasonably strong that can still be remembered?

Topic: Security
Answer this Question


3 total
Vote Up (4)

There are two methods I use that might be of help to you. The first one is that I create a pattern on the keyboard. This is particularly effective for me, as a visual learner. For example, I might use “the mountain and the valley” - zse4rfvbnm. Look at your keyboard and follow the letters and you can see why I called it that. FYI, I don’t actually use that one, but just made it up to give a simple example. 


The second method, and one used by many people, is to pick a line from a song, movie, whatever and use the first letter of each word. Pick a letter or two that you can remember to replace with a number (example “L” = “1” or “B” = “8”).

Vote Up (2)

How To Create and Remember Strong Passwords

"One of the best ways to protect your online security is to have strong passwords that you change periodically. But that’s easier said than done. Coming up with hard-to-guess passwords is hard enough, but it’s even harder to have separate passwords for different sites and to remember new ones after you change them.

One way to create a password that’s hard to guess but easy to remember is to make up a phrase. You could type in the entire phrase (some sites let you use spaces, others don’t) or you can use the initials of each word in the phrase, for instance, “IgfLESi#85″ for “I graduated from Lincoln Elementary School in ’85″ with a # symbol to add more security. An even better one would be “Mn1bfihswE&S” for “My number 1 best friends in high school were Eric and Steve.” You get the idea–upper case numbers, letters, and symbols that are seemingly meaningless to everyone but you. Microsoft has an excellent primer on passwords and a password strength checker."

Vote Up (2)

I use keepass (and yes, there is an android version) for my pw management. One tip I have: if a site requires a "security" question, generate the answer with keepass and store it in the notes section of that entry. Security questions are pretty stinking insecure.

Ask a question

Join Now or Sign In to ask a question.
The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around US$111,000, for a method to identify users on the Tor network.
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
European data protection authorities still have questions after meeting with Google, Microsoft and Yahoo about the implementation of a recent ruling that gave European citizens the right to be forgotten by search engines.
An iPhone user has filed a lawsuit for invasion of privacy against Apple, about a week after a Chinese state broadcaster raised security concerns about the device's location-tracking functions.
Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.
A hacker group calling itself "Anonymous Kenya" has poked holes at the government's cybersecurity preparedness by hacking two official Twitter accounts.
New guidance from Microsoft researchers suggests that users re-use simple passwords and avoid password management services.
Apple has "inadvertently admitted" to creating a "backdoor" in iOS, according to a post by a forensics scientist, iOS author and ex-hacker.
A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.
Google, Microsoft and Yahoo are meeting with European data protection authorities Thursday to discuss how to implement a recent ruling that gives people the right to have personal information excluded from search results.
Join us: