Person typing on the Cherry KW 9200 Mini Keyboard
Hannah Stryker / How-To Geek

“Be sure to use a strong password” is advice we all constantly see online. Here’s how to create a strong password—and, more importantly, how to actually remember it.

Using a password manager helps here, as it can create strong passwords and remember them for you. But, even if you use a password manager, you’ll at least need to create and remember a strong password for your password manager.

How to Remember Passwords the Easy Way

You probably have accounts on more websites than you can remember—we definitely do. There’s simply no way to easily remember every single password without duplicating passwords or resorting to some sort of pattern. But reusing passwords is dangerous—it can put you at risk when a service’s password database leaks, for example, and that happens often.

This is where a password manager comes in. As long as you create a strong master password that you can remember, that’s the last password you’ll need to deal with. A password manager can generate strong, unique random passwords for you, remember them, and automatically fill them in for you.

Never Forget Another Password Again with Keeper Security

Keeper is the answer to your password woes with an easy-to-use app, cross-platform service, and loads of convenient features.

There are a lot of good password managers out there. We’re big fans of 1Password, Dashlane, and the open-source Bitwarden. Our favorite password managers have apps for every device, integrate with all popular web browsers from Chrome to Edge to Firefox to Safari, and they sync your passwords across all your devices. (If you want to keep your data entirely under your own control, you can use KeePassXC, too—or set up your own syncing server for the also-open-source Bitwarden.)

Password managers have a ton of other great features, like security dashboards that warn you about passwords you may want to replace, an automated password changer, and a lot more. If you’re serious about security, you’ll make sure to use strong passwords everywhere, and the easiest way to manage them is a password manager.

The Best Password Managers of 2023

Best Overall Password Manager
Best Free Password Manager
Best Password Manager and VPN C...
Best Password Manager for Busin...
Best Offline Password Manager

The Traditional Password Advice

According to the traditional advice—which is still good—a strong password:

  • Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better. It’s probably a good idea to shoot for 16 to 18.
  • Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
  • Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
  • Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

Try to mix it up—for example, “BigHouse$123” fits many of the requirements here. It’s 12 characters and includes upper-case letters, lower-case letters, a symbol, and some numbers. But it’s fairly obvious—it’s a dictionary phrase where each word is capitalized properly. There’s only a single symbol, all the numbers are at the end, and they’re in an easy order to guess.

The password generator in 1Password's Firefox browser extension.

RELATED: Why You Should Use a Password Manager, and How to Get Started

A Trick For Creating Memorable Passwords

With the tips above, it’s pretty easy to come up with a password. Just bash your fingers against your keyboard, and you can come up with a strong password like 3o(t&gSp&3hZ4#t9. That’s a pretty good one—it’s 16 characters, includes a mix of many different types of characters, and is hard to guess because it’s a series of random characters.

The only problem here is memorizing this password. Assuming you don’t have a photographic memory, you’d have to spend time drilling these characters into your brain. There are random password generators that can come up with this type of password for you—they’re generally most useful as part of a password manager that will also remember the passwords for you.

You’ll need to think about how to come up with a memorable password. You don’t want to use something obvious with dictionary characters, so consider using some sort of trick to memorize it.

For example, you might find it easier to remember a sentence like “The first house I ever lived in was 613 Fake Street. Rent was $400 per month.” You can turn that sentence into a password by using the first digits of each word, so your password would become TfhIeliw613FS.Rw$4pm. This is a strong password at 21 digits. Sure, a true random password might include a few more numbers and symbols and upper-case letters scrambled around, but it’s not bad at all.

Best of all, it’s memorable. You just need to remember those two simple sentences.

The Passphrase / Diceware Method

The traditional advice isn’t the only good advice for coming up with a password. XKCD did a great comic about this many years ago that’s still widely linked to today. Throwing all the usual advice out, the comic advises choosing four random words and stringing them together to create a passphrase—a password that involves multiple words. The randomness of the word choice and length of the passphrase makes it strong.

The most important thing to remember here is that the words need to be random. For example, “cat in the hat” would be a terrible combination because it’s such a common phrase, and the words make sense together. “my beautiful red house” would also be bad because the words make grammatical and logical sense together. But, something like “correct horse battery staple” or “seashell glaring molasses invisible” is random. The words don’t make sense together and aren’t in grammatically correct order, which is good. It should also be much easier to remember than a traditional random password.

People aren’t good at coming up with sufficiently random combinations of words, so there’s a tool you can use here. The Diceware website provides a numbered list of words. You roll traditional six-sided dice and the numbers that come up choose the words you should use. This is a great way to choose a passphrase because it ensures you use a random combination of words—you may even end up using words that aren’t a normal part of your vocabulary. But, because we’re just choosing from a list of words, it should be fairly easy to remember.

Diceware’s creators now recommend using at least six words because of advances in technology that make password cracking easier, so keep that in mind when creating this sort of password.

And, while the differing length of the words makes brute-forcing the password very difficult, you could always complicate things even further with a simple-to-remember pattern—one that would also make the password pass the test for forms that check passwords for complexity. For example, take the sample password from that XKCD comic—“correcthorsebatterystaple”—and apply a pattern where you join words by alternating symbols and numbers like “^” and “2” and then capitalize the second (or whatever) character of each word. You’d end up with the password “cOrrect^hOrse2bAttery^sTaple”—long, complicated, and containing numbers, symbols, and capital letters. But it’s still much easier to remember than a randomized password.

Just remember—it’s not all about password strength. For example, if you re-use the password at multiple locations, it may be leaked, and people may use that leaked password to access your other accounts.

Using unique passwords for every site or service, avoiding phishing sites, and keeping your computer safe from password-capturing malware is also important. Yes, you should choose a strong password—but you need to do more than that. Using stronger passwords won’t keep you secure from all the threats out there, but it’s a good first step.

RELATED: How To Check If Your Account Passwords Have Been Leaked Online and Protect Yourself From Future Leaks

Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »