You know you need to create a strong password for your online logins. Everybody does. The trouble is coming up with unique passwords for each account and then remembering them. Is that even possible? It is, I promise you. As proof, I’d like to share with you three simple password strategies to create strong passwords you can remember easily.
Every day of our lives we’re required to input passwords. It’s estimated that the average internet user has 240 online logins.
That’s a lot of passwords to create and remember!
Here’s another troubling statistic: 81% of us reuse our passwords.
Most people don’t know that there are three different levels of password security, and most people barely pass the first level. The good news is that there are easy ways to fix this. I break this down into three primary strategies I call:
- “The Nursery Rhyme” password strategy
- The “Unique Modifier” password strategy
- The “Use a Password Manager” strategy
When you select a password strategy, you create memorable passwords that are much better than using the same password or even random words. You can get ahead of the curve here and make it much harder for people to hack your accounts.
Before we begin with how to create passwords, however, you need to understand the fundamental characteristics of what makes a password “strong.”
*Note: Some of the links in this article may be affiliate links, which means that at no extra cost to you, I may be compensated if you decide to use a service listed below. Rest assured, I have used every service I recommend and appreciate your support!
5 Characteristics of Secure Passwords
How exactly do you define a “strong password?”
There are five specific qualities of a secure password that you should know. Take a moment to think about your bank password and see if how it stacks up against this list:
- Strong Passwords are Unique. Do you use this password anywhere else? Like it or not, you should be using different passwords for each of your logins. Why? Let’s say that one of your passwords get stolen or swiped somehow. If you use the same password for all your logins, the thief could now easily access your email, investment account or other important accounts.
- Strong Passwords are Lengthy. The proof is in the math. A longer password is mathematically harder to crack, although with a brute force attack, technically anything is possible. Such a password should be at least 12 characters long but I would suggest 20 or more characters for your most sensitive logins (bank, email, investments, etc.)
- Strong Passwords are Full of Character. Your password needs to have some variety. What does this mean, exactly? When you create a password, it should contain lowercase letters, capital letters, numbers, special characters, and even special symbols.
- Strong Passwords Don’t Make Sense. If I can look at your password and make sense of it, something is wrong. If it includes dictionary words or a compound word or phrase I can quickly understand, it’s usually not a strong password.
- Strong Passwords aren’t Impossible to Remember. Writing down your passwords is a bad idea, unless you’re keeping this sheet of paper in a physical safe. Definitely don’t carry a password list around with you. The remaining options are to have a memorable password (it can be done!) or have a master password (which I’ll explain in a moment).
Note on Passwords
You think your password passes the test? Use this password strength checker to find out for sure.
How can you create passwords that you can recall without being some wizard computer tech specialist? I’m excited to introduce three of my favorite password strategies to create a strong password that will produce virtually un-crackable security for your accounts.
3 Strategies to Create a Strong Password
Now that you understand the basic characteristics of a strong password you have the necessary tech skills and stay ahead of the average person. The trick is learning how to use uncommon words or even gibberish to create a strong password.
Here are three simple strategies – which I don’t consider common password strategies! – to create a strong password that you can easily remember.
“The Nursery Rhyme” Password Strategy
It’s called the “Nursery Rhyme Strategy”, but the truth is that any kind of memorable saying, Bible verse or phrase can work here.
The key is that whatever phrase you end up using, it’s a phrase that you know by heart.
The strategy works by taking the first (or last) letters from each word in the phrase you’ve chosen and stringing them together to create an unintelligible password with letters, numbers and symbols. It can include upper and lower case and anything else you can come up with.
It’s easier to show you than explain it, so I’m going to use Mary Had a Little Lamb as an example:
In the above example, notice that the final result is a password that is more than 20 characters long, includes various special characters (symbols, capital letters, numbers) and makes no sense by itself.
Obviously, I wouldn’t suggest you use my example here. Instead, try to find a phrase or song that is unique to you. This could be:
- The first two lines of your favorite song
- Your favorite quote
- Your favorite Bible verse
- A memorable nursery rhyme
Now if you’ve been reading carefully so far, you’ll notice that this password lacks one characteristic of most secure passwords:
It’s not a strong password if you reuse the same one on multiple accounts.
How can we make this password unique for each and every login that you have without you having to think up a new phrase or song for each one?
That’s where this next simple strategy becomes important.
Unique Modifiers Create Unique Passwords
Before you jump ahead, I want to clarify that “adding a unique modifier” does not mean simply adding a “1” or a “!” to the end of your regular password.
It’s far too easy for those passwords to be hacked. It’s also not memorable. How do you remember which account you used “1” and which one you used “8”?
There is a better way.
One of my favorite password strategies is to incorporate parts of the name of the service I’m using into the password.
For example, if I’m creating a password for my Facebook account, I want to add unique properties to my password that are related to Facebook.
This can be done in a number of different ways:
- Adding the first and last letters of the service to the beginning and end of the password: Continuing with a selected service e.g Facebook, this means that I would begin my complex passwords with an “F” and then end it with a “k” (Facebook). If I had chosen Mary Had a Little Lamb as my phrase from Strategy #1, the end result of my unique password would look like this:
- Spell the service backward: Another way to do this would be to add the word “Facebook” at the end of the password, but to spell it backwards. In this case, it would look like: Mh@llwfwwa$&etMwtlws2gkoobecaF
There are other creative ways to do this, but hopefully you get the idea.
By combining both strategies, you can create a strong password for each account login without having to write it down.
*Note: One thing you might be thinking is that it will take too long to type this out, especially if I do this for all my passwords. That’s ok! Your fingers will start to learn the phrase and the fact that it takes a bit of time is a good indication that you’ve got a strong password.
Use a Password Manager to Create a Strong Password
Now, at this point you might be thinking to yourself “This is crazy. There’s no way I’m going to set aside the time to figure this out!“
If that’s you, don’t worry. I understand.
And thankfully, there is now technology that can assist you to create better passwords than you could ever create for yourself. It’s called a password manager.
Password managers are extremely useful because they create extremely long and complicated passwords for each login and then store them in the encrypted password manager vault so you don’t have to remember it.
All you need is a “master password” to unlock it all.
It’s incredibly important that your master password is strong and memorable! I recommend you use the first two strategies listed above to help you create your master password.
Of course, a system like this is only as secure as the software you’re using, and I’ve detailed all the pros and cons in my 1Password review.
You can try their 14-day free trial but if you upgrade features, it ends up being a small amount of money to exchange for airtight security. Best of all, it’s so easy to use – you don’t need to be a computer tech specialist to do it!
Additional features that often come with these types of password managers include:
- Security alerts (i.e. “someone is trying to hack into your account!”)
- Easy password changes;
- Password autofill;
- Sync your passwords across all your desktop and mobile devices;
If setting up your own secure password just seems too complicated, a password manager is the way to go.
Myth of the Un-crackable Password
As I wrap up this look at different password strategies, including the use of a password manager, it’s important to point out that there is no such thing as an “un-crackable password”.
It’s a myth.
For this reason, I highly recommend you cover yourself with various layers of security. What does this mean? You can do things like:
Implement 2-Factor Authentication
Two-factor authentication is an additional layer of security that requires you to either input a code or a physical key after logging in with your new password.
This type of security, known as “2FA,” usually happens in one of three ways:
- SMS Text: a code is sent to your mobile phone every time you log in with a new device.
- Authenticator App: Using an authenticator app like Google Authenticator, you are given a 6-digit code that changes every 30 seconds.
- Security Key: A key such as the Yubikey Security Key is a physical security measure that forces you to plug in your key anytime you need to authenticate your identity, something which is very difficult to hack.
2FA is an excellent way to secure even the most secure passwords. If you need help, we have guides on how to set up Google Authenticator as well as how to set up a 2FA security key.
Refuse to Reuse Passwords!
Whether you’re using a password manager or just creating a password that you remember on your own, it’s very important that you don’t reuse passwords on multiple accounts.
I know how hard this is, and it’s even more difficult to retroactively go back and change all your passwords, so my recommendation is to make sure you change the passwords to your most sensitive accounts (banking, investments, email, etc.).
Then, as you create new online accounts, be sure to use your new password manager to keep from reusing the same old passwords.
Create Made-Up Answers to Security Questions
It’s a terrible yet common strategy used by many companies. They tend to ask the same “security” questions such as:
- What is your mother’s maiden name?
- What street did you grow up on?
- What is the name of your first pet?
The problem is that the answer to these questions is usually way too easy to discover with a bit of digging online. The best strategy here is to create false answers to these questions.
You can either use the same false answers every time you’re asked these questions or you can make new ones up for each login and then store the answers you used in your new password manager.
Be Vigilant…Nothing is “Uncrackable”
Finally, you should be a realist about online security.
NOTHING is 100% safe.
NOTHING is unhackable.
Every year we receive new reports of services and companies that have experienced data breaches and have had credentials stolen. Be aware that this is possible – it’s the main reason why you don’t want to reuse your passwords.
Be sure to subscribe to the All Things Secured YouTube channel!
Download the Security Checklist
As you might imagine, passwords are just the first step in securing your online accounts. I’ve already alluded to a few of the others here (i.e. two-factor authentication), but there’s more you need to consider, such as:
- Are your social media profiles private?
- Is your home network vulnerable?
- How well are you personal devices secured?
Instead of trying to figure this all out on your own, I encourage you to download my online security checklist that will help you walk through the most important steps you can take today.