ProtonBlog
Subscribe by RSS

How to create strong passwords you’ll actually remember

Douglas Crawford

Share this page

If there’s one thing protecting your personal, financial, and professional information from hackers, it’s your password. Reusing weak passwords is the main culprit in countless data breaches, even though it’s an extremely simple problem to fix.

In this article, we discuss why you need to use a different strong password for each account, and also how to create and remember them. The biggest obstacle is the human brain: It’s not designed to remember truly strong passwords, let alone unique ones for each of the many services you use.

Fortunately, this is exactly the kind of thing computers are very good at. The best way to create and remember strong passwords is to let a good password manager do it for you.

Why you should use strong passwords

The need for strong passwords should be obvious to everyone, but the almost daily reports of catastrophic data breaches(new window) suggests not everyone is taking action to improve their account security.

Strong passwords help to secure your personal information, such as your name, address, phone number, and more, which could otherwise be used for identity theft or fraud. For online banking, shopping, or any financial transactions, they are critical in preventing unauthorized access to your financial details like credit card numbers, bank account information, and transaction history.

In a professional setting, strong passwords help protect sensitive company information, including client data, proprietary research, and internal communications from being compromised.

Hackers often use brute force attacks, where software is used to generate a large number of guesses to crack passwords. Strong, complex passwords are much harder for these programs to guess before security measures lock the account. They also help prevent dictionary attacks that run through a database of common words and phrases to guess passwords.

Many people reuse passwords across multiple accounts. Using a strong, unique password for each account ensures that if one account is compromised, your other accounts remain secure.

How to create and remember strong passwords

Before we talk about password managers, here are some principles to understand the security recommendations for passwords.

What makes a strong password?

Strong passwords have high entropy. This is a way to measure how unpredictable your password is. Here are some key factors in password entropy:

  1. Length: Aim for at least 12 to 15 characters. Longer passwords are generally stronger.
  2. Complexity: Use a mix of letters (both uppercase and lowercase), numbers, and symbols.
  3. Avoid predictability: Don’t use easily guessed passwords like “123456”, “password”, or “qwerty”. 
  4. Avoid personal information like birthdays, names of your pets or loved ones, or anniversaries.
  5. Uniqueness: Each of your accounts should have its own distinct password. If you reuse a password across multiple services, then a data breach on one service can result in hackers gaining access to all the other services secured with the same password. 

Use a mnemonic device

Unfortunately, while passwords such as h9!fdjhGH68%J@ are secure, they’re not easy (for humans) to remember. One way to address this is to think of a phrase or sentence that’s easy for you to remember. For example, “My first car was a Toyota in 2009!”.

You can then turn your phrase into a password by using the first letter of each word, mixing in numbers and symbols. From the example above, the password could be “MfcwaTi2009!”.

The final step in creating a successful mnemonic device is to associate your password with a mental image to help remember it. For instance, picturing your first car and the year you got it can trigger the memory of your password.

Use a random passphrase

Another option is to use a string of random but memorable words. For example, “Blue Tiger Pizza Rainbow” (keeping the spaces between words, as these add complexity). A great low-tech tool for manually helping to create this kind of random passphrase is Diceware(new window), or you can let Proton’s password generator do the work for you. All Proton Pass apps can also generate strong random passphrases.

XKCD comic

As the above XKCD comic(new window) explains, Diceware-style random passphrases are both secure and easy to remember.

Employ memory techniques

Once you’ve created a suitably complex password or passphrase, you can use memory aids to remember it. These include:

  • Repetition: Type your new password several times when you first create it to help embed it in your memory.
  • Visualization: Imagine the elements of your password in a story or picture. For “Blue Tiger Pizza Rainbow”, you might visualize a blue tiger eating pizza under a rainbow.
  • Regular use: Regularly log in to the site using the password instead of relying on autofill. This helps reinforce memory through frequent use.

The real solution: use a good password manager

You should now be able to create a strong password that you can remember. However, you need a different strong password for each and every service you use. In practice, this is all but impossible for humans to do without resorting to using tools.

Password managers such as Proton Pass are apps that can generate and remember unlimited secure passwords (or passphrases) for you. Most are cross-platform and can automatically sync your passwords across all your devices, so you can access them easily no matter where you are or which device you’re using. 

The Proton Pass app can generate secure passwords and passphrases

With a password manager, you only need to create and remember a single master password that you use to access all your other passwords. And because you need only remember a single password, you should be able to use the techniques outlined above to create a very strong one. 

Try Proton Pass

Proton Pass is a free and open source password manager from the team behind Proton Mail, the largest and most trusted secure email service in the world. With Proton Pass, your passwords are end-to-end encrypted at all times, so even we can’t access them.

Our apps for web, Android, iPhone, and iPad have a unique combination of features:

  • Autofill for easy sign-in to websites and mobile apps.
  • Support for not just your usernames and passwords, but also for end-to-end encrypted notes and credit card information.
  • Integrated two-factor authentication. Our apps can generate and autofill 2FA codes, making it easy to further secure your online accounts.
  • Hide my email aliases that allow you to protect your identity when signing up for online services and to easily disable annoying emails from them.
  • Secure password sharing. Which allows you to categorize and safely share your login information, payment details, and notes with your family, friends, and co-workers.
Learn more about Proton Pass

Final thoughts

Strong passwords are a fundamental aspect of cybersecurity. They act as the first line of defense against unauthorized access, protecting sensitive personal, financial, and professional data. 

As cyber threats grow more sophisticated, the importance of using strong, unique passwords across different accounts cannot be overstated. 

However, the only way to use strong passwords across your multiple web services is to use a safe password manager (such as Proton Pass). This allows you to secure your digital life while only needing to create and remember a single strong password or passphrase. Your password manager will take care of the rest. 

Protect your privacy with Proton
Create a free account

Related articles

Is WeTransfer safe?
  • Privacy basics
Is WeTransfer safe?
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr
what is a brute force attack
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi