How to create a secure password that you’ll always remember

It seems like everything needs a password these days. Your phone, your computer, your email, your banking apps, your Facebook page, even your front door can ask for a password. If you’re anything like me, keeping track of all those passwords is an absolute nightmare.

I once spent an hour on hold with the cable company to find out the password I had been trying was right all along, just missing one capital letter. Every website asks for something different: three capital letters, two special characters, at least 50 characters, and don’t forget to include an algebra equation!

With the requirements getting more complex every day, how do you create a secure password? And once you do, how do you remember it?

Why Are Secure Passwords Important?

A secure password is your first line of defense against people trying to steal your information online. We understand that strong passwords are important for online banking and credit information.

Still, it’s equally essential for social media and other less personal websites. Hackers can use any platform you’re on to learn about you in an attempt to break into your accounts and steal your identity. Creating strong passwords on all of your accounts helps keep your most important information secure.

Building Secure Passwords

Creating a secure password doesn’t have to mean arranging random numbers and letters in impossible to remember patterns. Here are a few basic password creation do’s and don’ts to remember when making a new password:

DO

  • Create a ‘passphrase’ – Rather than using a single word followed by special characters, a passphrase uses several words with those cursed special characters sprinkled throughout. For example – John3:16=4G (like the bible verse) or 2BorNot2B_ThatIsThe? (like the Hamlet quote). Passphrases are generally easy to remember because they stick to a theme. However, they are much harder to hack because they are longer and more varied than a password.
  • Change Your Passwords – The rule of thumb used to be to change your passwords every 30 days. As it turns out, that makes passwords simpler and harder to remember. Instead, change your password based on your use of the account.

You should definitely change your passwords at least once a year, but also if you’ve logged into an account from a public device or wifi, like a library computer or airport internet. You should also change your password after you’ve shared it with someone, like a past employee, or when you’re kicking your ex off your Netflix. If you receive a notification of a potential data breach or hacking attempt, always change your password!

  • Two-Factor Authentication – No, this is not a password, but it is one of the best ways to keep your information safe. Two-factor authentication refers to a backup method of ensuring only you have access to your account. They may send you a text or an email, and in addition to entering your password, you also enter the one-time use code that they’ve sent you. So if they give you the option, do it!

DON’T

  • Don’t use the same password everywhere – It’s tempting to use the same password across all your account platforms. You remember it better, you know it fits the requirements, it takes the guesswork out of passwords. But this also takes the guesswork out of it for hackers. If they hack one password, they now have access to every account associated with your email. Don’t do it!
  • Don’t reuse your old passwords – Along the same lines as using the same passwords, reusing old passwords makes your accounts easier to hack. Let’s say you used the password Lucky#7 when you created your company email account in 2018. After months of cycling passwords, you come back to it in 2020. Surely that’s safe, right? Unfortunately, it’s not always obvious when your account has been hacked. Someone may have discovered your password back in the day and kept it on record for future use.
  • Don’t use common passwords – We get it, password123 was a great idea in 1995, but those days have passed. Passwords that include the word ‘password’ are the easiest to guess, so don’t be tempted. Stay away from obvious details like your name, date of birth, or place where you live in the password. All of that can easily be found online.

Keeping Track of Your Passwords

So how do you remember all of these complicated, unduplicated passwords? Don’t be tempted to write them down! Having a list of passwords, either digitally or on paper, leaves your passwords open to almost anyone.

Having all your passwords in one place means that once someone finds that list, they can access all of your accounts in one convenient location. So just don’t! Also, don’t be tempted by password manager programs. There’s just no way to know for sure who has access to your information.

What can you do then? Instead of a typed-out list of passwords, use hints that only you would understand. You can use password themes. For example, g3t_that_$MONEY$ for your paychecks and ABT2_uz_AMZ! (About to use Amazon) for amazon, obviously.

One of the most important ways to ensure that your online interactions are safe and secure is to protect your passwords. The good news is that protecting your passwords is in your control—you just need to create strong passwords and then keep them secret. Follow this advice to help keep your passwords out of the wrong hands.

Create strong passwords

Password security starts with creating a strong password. A strong password is:

  • At least 12 characters long but 14 or more is better
  • A combination of uppercase letters, lowercase letters, numbers, and symbols
  • Not a word that can be found in a dictionary
  • Not the name of a person or a popular entity such as a character, product, or organization
  • Significantly different from your previous passwords
  • Easy for you to remember but difficult for others to guess

Consider using a memorable phrase like “6MonkeysLooking^”

Secure your passwords

Once you’ve created a strong password, you should follow these guidelines to keep it secure:

Don’t share a password with anyone. Not even a friend or family member.

Never send a password by email, instant message, or any other means of communication that is not reliably secure.

Use a unique password for each website. If someone steals a password that you use on multiple websites, all the information that password protects on all of those sites is at risk.

If you don’t want to memorize multiple passwords, consider using a password manager. The best password managers will automatically update stored passwords, keep them encrypted, and require multi-factor authentication for access.

Don’t store a password on the device it’s designed to protect.

It’s ok to write your passwords down, as long as you keep them secure. Don’t write them on sticky notes or cards that you keep near the thing the password protects, even if you think they’re well-hidden they could be discovered.

Rather than writing down your password, consider writing down a hint that reminds you of what the password is. So if your password is “Paris4SpringVacation!” you could write down “Your favorite trip.”

Whenever possible, change passwords immediately on accounts you suspect may have been compromised, or even if you just think the password has been compromised.

Avoid entering your password on any device if you’re unsure whether that device is secure. Devices that are shared or available for public use might have keylogging software installed that could capture your password as you type it. You should also avoid allowing your password to be saved on shared or public computers.

Enable multi-factor authentication (MFA) whenever available. MFA is a method of access control that requires more than one credential for verification—such as requiring both a password and a pin. This adds another layer of security in case someone guesses or steals your password. For more information see What is: Multi-factor authentication.

Tip: If you’re asked to create answers to security questions, provide an unrelated answer. For example, if the question is “Where were you born?” you might answer “Green.” Answers like these can’t be found by trolling Twitter or Facebook. (Just be sure they make sense to you, so you’ll remember them.)

Don’t be tricked into revealing your passwords

Criminals can try to break your password, but sometimes it’s easier to exploit human nature and trick you into revealing it.

You might receive an email message pretending to be from an online store (like eBay or Amazon) or a phone call from your “bank” that tries to convince you of the “legitimate” need for your password or other sensitive information. It could be a phishing scam. (You may have heard these con games referred to as social engineering.)

Here are some guidelines to follow to protect your passwords and other sensitive information:

In general, be wary of anyone who is requesting sensitive information from you, even if it appears to be someone you know or a company you trust. For example, a crook may have hijacked a friend’s account and sent email to everyone in the friend’s address book. Treat all unsolicited requests for sensitive information with caution.

Never share your password in response to an email or phone request—for example, to verify your identity—even if it appears to be from a trusted company or person.

Always access websites using trusted links. Scammers can copy the look of a company’s communications to fool you into clicking a phony link or attachment, so use caution with links that appear in unsolicited emails, instant messages, or SMS messages. If in doubt, go directly to the official website of the bank or other service you’re trying to access via your own bookmark or by typing the legitimate address of the service in yourself.

A Secure Password, Is it Possible?

You have no doubt heard recently about the “hacking” of accounts, like the celebrity iCloud hacking and the 5 million hacked Gmail accounts. Basically, if something is online, it can be hacked.

To me, security is a mirage. A hacker with determination and skills can successfully bypass almost anything online. Yes, I know, scary right?

So, how can one stay secure online? Well, let’s start with the very basic rule: have a secure password.

This may seem simple enough, but it shouldn’t be taken lightly. You can actually have something you think is secure, but that would be no match for brute-forcing software capable of launching 40,000 attacks per minute.

Steps to choosing a secure password

Here are some steps you can use when creating secure passwords:

1. Use Length To Your Advantage

Create a password that has eight or more characters since this is usually the minimum for most password requirements. The longer the password the more secure it is likely to be.

2. Use a random sequence of words and/or letters

Create a phrase or series of letters that is seemingly “random” but easy to remember. Call this your “base word.”

For Example: If your children are Tolu, Lola, Michael and Polycarp, your base-word could be “tolomipo”.

3. Add numbers to your base word

Adding numbers could make the password even more complicated and harder to crack.

For Example: You can add the last two digits of your children’s birth dates to the end making it “tolomipo89909396”.

4. Use punctuation and symbols to complicate it further.

You can add punctuation to make the password look even more like nonsense to an onlooker. Adding symbols makes it harder still to guess.

For Example: You can add an underscore before the birth dates in our example password, and a comma after each birth date, thereby making it “tolomipo_89,90,93,96”

5. Add complexity with upper and lowercase letters.

For the twist, we are going to play with the case of the letters in our password. A good method is to alternate upper and lower case letters: the first letter uppercase, the next lowercase, the next uppercase, and so on until you run out of letters.

For example: You can add alternating cases to our password to make it “ToLoMiPo_89,90,93,96”

The security of your bank account, Netflix account and email inbox depends on how well you safeguard your many passwords.

Strong passwords can help keep your data locked down

The key to your online security is to have strong passwords, but the challenge is to create distinct passwords that you can actually remember — or else you may fall into the bad habit of using the same login credentials for multiple accounts. According to LogMeIn, the company behind the LastPass password manager, you could very easily have 85 passwords for all your accounts once you count all of your social media, streaming, bank accounts and apps.

If your data is compromised, weak passwords can have serious consequences, like identity theft. Companies reported a staggering 5,183 data breaches in 2019 that exposed personal information such as home addresses and login credentials that could easily be used to steal your identity or commit fraud. And that pales in comparison with the more than 555 million stolen passwords that hackers on the dark web have published since 2017.

The identity protection of a post-password world isn’t here for most of us. So in the meantime, try these best practices that can help minimize the risk of your data being exposed. Read on to learn how to create and manage the best passwords, how to be alerted if they’re breached, and one crucial tip to make your logins even more secure. And here are three old password rules that wound up being dumb today.

Use a password manager to keep track of your passwords

Strong passwords are longer than eight characters, are hard to guess and contain a variety of characters, numbers and special symbols. The best ones can be difficult to remember, especially if you’re using a distinct login for every site (which is recommended). This is where password managers come in.

A trusted password manager such as 1Password or LastPass can create and store strong, lengthy passwords for you. They work across your desktop and phone.

The tiny caveat is that you’ll still have to memorize a single master password that unlocks all your other passwords. So make that one as strong as it can be (and see below for more specific tips on that).

Browsers like Google’s Chrome and Mozilla’s Firefox also come with password managers, but our sister site TechRepublic has concerns about how browsers secure the passwords they store and recommends using a dedicated app instead.

Password managers with their single master passwords are, of course, obvious targets for hackers. And password managers aren’t perfect. LastPass fixed a flaw last September that could have exposed a customer’s credentials. To its credit, the company was transparent about the potential exploit and the steps it would take in the event of a hack.

Yes, you can write your login credentials down. Really

We know: This recommendation goes against everything we’ve been told about protecting ourselves online. But password managers aren’t for everyone, and some leading security experts, like the Electronic Frontier Foundation, suggest that keeping your login information on a physical sheet of paper or in a notebook is a viable way to track your credentials.

And we’re talking about real, old-fashioned paper, not an electronic document like a Word file or a Google spreadsheet, because if someone gains access to your computer or online accounts, they can also gain access to that electronic password file.

Of course, someone could also break into your house and walk off with the passkeys to your entire life, but that seems less likely. At work or at home, we recommend keeping this sheet of paper in a safe place — like a locked desk drawer or cabinet — and out of eyesight. Limit the number of people who know where your passwords are, especially to your financial sites.

If you travel often, physically carrying your passwords with you introduces greater risk if you misplace your notebook.

Find out if your passwords have been stolen

You can’t always stop your passwords from leaking out, either through a data breach or a malicious hack. But you can check at any time for hints that your accounts might be compromised.

Mozilla’s Firefox Monitor and Google’s Password Checkup can show you which of your email addresses and passwords have been compromised in a data breach so you can take action. Have I Been Pwned can also show you if your emails and passwords have been exposed. If you do discover you’ve been hacked, see our guide for how to protect yourself.

Hint: using your dog’s name won’t cut it

As the internet has grown to fight back against password crackers and other hackers, they’ve fought back just as hard. The introduction of CAPTCHA presented a huge roadblock for password thieves, but methods such as OCR (optical character recognition) have helped defeat it.

Now more than ever, having the most secure password is crucial. Two decades ago, common advice would be to simply never use a dictionary word as your password. Today, it’s much more complex than that.

Until the adoption of alternative methods of account security, proper password etiquette can save you countless hours of headaches and frustration. In this article, let’s discuss three methods that you can use to create strong and secure passwords.

Using a Secure Password Generator

For many, the best solution to creating the most secure password is actually to not create one yourself at all. Relying on a random password generator, be it through a site like Random.org or a tool such as LastPass, guarantees a quick way of creating an unlimited number of secure passwords.

We suggest that you create a password at least 12 characters in length, using letters, numbers, and symbols. Some sites will limit your password length and restrict the use of symbols, but those can be handled as special cases when you arrive at them. Don’t limit your overall security just because of a few fringe outliers.

This is a solid method because it guarantees that your password will be incredibly secure, but it comes at a major cost: How will you remember the password? For many, it comes down to these two options:

  • Writing it down, either in a file or on paper
  • Storing it in a password manager such as LastPass

However, both have potential downfalls. You can lose paper and your computer files can be lost or hacked, and what’s stopping your password manager from suffering a breach? After all, it has to be protected by a password, too.

On the upside, the best password managers offer multiple forms of authentication. For example, with LastPass, you can protect your account by both an account password and a two-factor authentication device that you can keep with you physically.

Using Sentences Or Phrases

Everyone remembers things differently. Some people have very photographic memories, while others will only remember something by repeating it over and over, hundreds of times.

However, it’s easy to agree that remembering a sentence is probably easier than remembering a random 16-character alphanumeric string. You can create strong and secure passwords out of sentences or phrases that you’ll never forget.

Here’s an example: “My first dog’s name was Albert. He was a white Labrador Retriever.”

Using the first letter of each word in this sentence, and each punctuation mark, we can create this password: Mfd’nwA.HwawLR.

Like using a generator or password manager, this again comes with a downside. If you intend to use unique passwords for every website, which you should, remembering which sentence or phrase is assigned to each is just as difficult as remembering your obscure passwords. However, you might be able to pull it off!

Using a Base

Using a password as a base to generate other secure passwords is a method that you won’t find discussed on many other sites, but we believe that it’s one of the best and most versatile ways to both remember an infinite number of passwords and use a unique password for (almost) every website or app.

Start by coming up with a base password. For this example, we’ll use this:

You will need to memorize the base password. To do so, you can even create a base that’s built off of our sentence method. Since the base password will never be a full password that you use, you can even write it down somewhere while you’re in the process of memorizing it.

Next, come up with a simple formula to create a short string based on the websites or apps you use. One method you could use is considering the domain name.

For example, Online Tech Tips’ domain name is online-tech-tips.com. Now, let’s take the first two and last two letters of the domain name, without the extension (.com), and add it to our base. We’ll use the first two letters as a prefix and the last two letters as a suffix.

Our password is now this: [email protected]$tk8kQps

Since every website has to have a domain name, this is a really solid method. However, you may want to modify this in the case of using mobile apps. For these, you can simply use the same trick while considering the app’s name. Like this, the password for your Discord app would be as follows: [email protected]$tk8kQrd

The only drawback of this method is in the event that several of your passwords are somehow leaked to the same person. If they’re savvy enough, they may be able to figure out how you’re generating each password. In that case, they’ve effectively stolen them all.
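
The domain-based rule above and the drawback just described, as an added example that is not code from the original article. `BASE` is a constructed placeholder (the article's own base value is not reproduced on this page), and the function names are illustrative.

```python
from difflib import SequenceMatcher

# Constructed placeholder base; not the value used in the article.
BASE = "Xq7#plum-Vase"


def site_tag(name: str) -> str:
    """Lowercased domain or app name with 'www.' and the extension removed."""
    name = name.strip().lower()
    if name.startswith("www."):
        name = name[4:]
    # Assumption: a single-part extension such as .com.
    # Multi-part suffixes like .co.uk are not handled here.
    if "." in name:
        name = name.rsplit(".", 1)[0]
    # Drop any remaining subdomain labels (mail.google -> google).
    return name.rsplit(".", 1)[-1]


def derive(name: str, base: str = BASE) -> str:
    """First two letters of the name + base + last two letters of the name."""
    tag = site_tag(name)
    if len(tag) < 2:
        raise ValueError("name too short for a two-letter prefix and suffix")
    return tag[:2] + base + tag[-2:]


def shared_core(pw_a: str, pw_b: str) -> str:
    """Longest run of characters that two passwords have in common.

    For two passwords built with the rule above, this run is the base itself,
    which is why two leaked passwords are enough to expose the whole scheme.
    """
    matcher = SequenceMatcher(None, pw_a, pw_b, autojunk=False)
    match = matcher.find_longest_match(0, len(pw_a), 0, len(pw_b))
    return pw_a[match.a:match.a + match.size]


if __name__ == "__main__":
    site_pw = derive("online-tech-tips.com")   # prefix "on", suffix "ps"
    app_pw = derive("Discord")                 # prefix "di", suffix "rd"
    print(site_pw, app_pw)
    print("shared between the two:", shared_core(site_pw, app_pw))
```

Everything outside the shared run is only four characters taken from the site name, so the uniqueness of each password rests entirely on the base staying secret.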

If you’re not willing to use the single choke-point of a password manager, creating your own unique, strong, and most secure passwords is an extremely valuable skill. Regardless of your approach, sticking with it is very important.

The moment you become lazy or complacent and begin reusing passwords or making use of passwords that aren’t complex enough, your security is at risk.

Craig is a long-time writer, coder, and marketer with years of experience in the technology and gaming spaces. Since 2008, he’s worked remotely with some of the most notable publications in these industries, specializing in Windows, PC hardware and software, automation, and the like.

Microsoft Chairman Bill Gates declared the password dead. He told his audience that the password can’t meet the challenge of keeping sensitive information protected, saying “People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”

That was six years ago at the 2004 RSA Security Conference. Paraphrasing some wisdom from Samuel Clemens, the rumors of the password’s demise have been greatly exaggerated. It is still the primary security control used to protect data, accounts, and pretty much everything else on a computer.

Gates may have been premature in calling the time of death on the password, but his assessment of why the password is inadequate as a security control was accurate. A study of more than 30 million passwords exposed when Rockyou.com was hacked found that almost half use names, common dictionary words, or sequential characters like “qwerty”.

Fingerprint scanners and other biometric controls are becoming more mainstream, but the password will still be the main barrier between hackers and your data for the foreseeable future. With that in mind, here is how to create a secure password that you can actually remember in “12345” easy steps.

1. No Personal Information. Any novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams. Never choose a password that has anything to do with you personally.

2. No real words. Let’s take that a step farther. Not only should you not use your name or your pet’s name, you shouldn’t use any actual word that can be found in a dictionary. Passwords like that can be easily cracked by password software.

3. Mix Character Types. Passwords are almost always case-sensitive, so use both upper and lower case letters to make it more difficult. To really make it complex, be more creative than just capitalizing the first letter. For example, do “paSswoRd” instead of just “Password”. Better yet, throw in some numbers and special characters to substitute for letters, and do “[email protected]”.

4. Use a Passphrase. Scratch that. Some password cracking utilities are also smart enough to use common character substitutions for common words. Cracking “[email protected]” may take longer than cracking “password”, but it will still be relatively trivial to crack because, special characters or not, the password is still “password”.

Instead, take your favorite line from a movie, song, or book and convert it to a passphrase. If you like the scene from A Few Good Men when Jack Nicholson is on the stand, take the line “You want the truth? You can’t handle the truth!” and convert it to “Ywtt?Ychtt!”. It has upper case and lower case letters, as well as special characters. It is not a word appearing in any dictionary, yet it is simple for you to remember.

5. Use a Tool. The main reason that users choose passwords that are easy to crack is that they want to choose passwords that are easy to remember. It is obviously much easier to remember your dog’s name, or type characters in the order they appear on the keyboard, like “123456”, than it is to recall “[email protected]@”. But, guess which one is more secure?

You can use a password management tool to store complex passwords. It has some impact on security since cracking the password to access the password management tool grants access to all the rest of the passwords, but it does enable you to use stronger passwords for various Web sites, accounts, and applications without having to remember them all.

Windows has included a Credential Manager utility since Windows XP that lets users save passwords and provides a single sign-on solution. Logging in to Windows unlocks the vault and automatically applies the credentials from the vault as needed to access sites and applications.
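
A small checker for steps 1 to 4 above, combined with the length and character-type criteria from the “A strong password is” checklist earlier on this page. It is added here as an example and is not taken from any of the quoted articles; the password list, the substitution table and the sample inputs are constructed for illustration, and a real check would use a far larger wordlist.

```python
import string

# Constructed sample list; a real check would load a much larger one.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "letmein", "dragon", "monkey"}

# Common character substitutions that cracking tools undo (step 4 above).
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                               "3": "e", "$": "s", "5": "s", "7": "t"})


def undo_substitutions(password: str) -> str:
    """Lowercase, reverse the common substitutions, and keep letters only."""
    mapped = password.lower().translate(SUBSTITUTIONS)
    return "".join(ch for ch in mapped if ch.isalpha())


def audit(password: str, personal: tuple = ()) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # Length criterion from the checklist: at least 12 characters.
    if len(password) < 12:
        findings.append("shorter than 12 characters")

    # Step 3: mix of uppercase, lowercase, numbers and symbols.
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            findings.append(f"no {name}")

    # Steps 2 and 4: a common password is still common after substitutions.
    core = undo_substitutions(password)
    if password.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        findings.append("common password once substitutions are undone")

    # Step 1: personal details supplied by the caller (names, pets, teams).
    for token in personal:
        t = token.lower()
        if len(t) >= 3 and (t in password.lower() or t in core):
            findings.append(f"contains personal detail: {token}")

    return findings


if __name__ == "__main__":
    # Constructed samples, plus two passphrases quoted on this page.
    for candidate in ("P@ssw0rd!", "123456", "Ywtt?Ychtt!", "6MonkeysLooking^"):
        print(candidate, "->", audit(candidate) or "no findings")
    print(audit("Alb3rt-the-Labrador9", personal=("Albert",)))
```

Run against the passphrases quoted on this page, it reports no findings for “6MonkeysLooking^”, while “Ywtt?Ychtt!” is flagged as shorter than 12 characters and as having no number.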

We’ve had a lot of Internet security scares in the past few months. From the massive PlayStation Network security compromise to the Gawker Media hack attack, it seems that we’re rushing to change our passwords every two weeks. And now, this month brings us a LastPass security notification that warned that a potential breach might have occurred. While the announcement was mostly precautionary, it highlights a disturbing reality for web security—your password is never safe, even with a renowned and highly acclaimed password vault service.

In tech security circles, experts always refrain from saying any system is 100% secure—because nothing is. If your data exists in digital form somewhere out there, then it can potentially be compromised. The chances may be slim, but as we’ve seen from the last few episodes, even highly respected stewards of personal data are vulnerable (perhaps because of their prominence, rather than in spite of it; they are bigger targets).

There is one last place where your passwords can be secure, however: in your noodle. While a determined brute force attack can crack a simple password in a matter of minutes and a rogue employee can compromise gigabytes of sensitive information within seconds, the only way to get the secrets from inside your head is through waterboarding or mind reading. But how do you create a password that is easy for you to remember, but impossible for a hacker to guess?

In spite of what the websites of financial institutions think, it’s not a matter of basing your security questions on obscure personal facts from your childhood. Anyone who grew up in my small town of 6,000 is going to be able to guess my high school mascot, the name of my childhood best friend and my mother’s maiden name with ease.

Steve wrote a simple how-to for coming up with a secure password; however, if you still need a method to generate memorable, unique passwords, here it is:

Personal Rule-based Passwords

When a computer program encrypts data, it does so using an encryption key. Without this encryption key, you can’t unscramble the data into something meaningful. Creating a password that’s easy for you to remember but hard for others to guess uses a similar concept. What you need to do is create your own personal “encryption key.” That is, a set of rules that only you know that will help you figure out what your password is.

Step 1

Create one or two nonsense words. This will be the core of your password. Think like Dr. Seuss here, and come up with a nonsense word that you never utter in real life. For example:

  • zyppyPop
  • Pacheenenock
  • halPenpulpum
  • RiggerRonut

Go ahead and Google your nonsense word in an Incognito Window (so it doesn’t get saved in your search history) to confirm that it’s not actually a foreign word or something. For the rest of this example, let’s use “zyppypop” as our nonsense word.

Step 2

Create a capitalization rule. Most sites now require you to have one or two capital letters anyway. Making the first letter capital is too obvious, so make a site-specific rule instead. For example, you could simply count the number of letters in the URL and then make that letter in your nonsense word capital.

For instance, Mint.com has four letters in it. So you’d capitalize the fourth letter in our nonsense word and get zypPypop.

Now, what makes this password more secure is that the capitalization will be different for each site since it’s based on a personal rule. Gmail.com has five letters in it, so there you’d capitalize the fifth letter of the nonsense word: zyppYpop.

See how that works?

Of course, you might not want to use the rule I just described here. Maybe add or subtract an arbitrary number for your rule to change things up.

Step 3

Add a special character. Acceptable characters typically include:

You can use whatever rule you want here. To change it up, you might want to have one special character for one situation and another for another situation. Where you place it is up to you, just make sure it’s not predictable (e.g., an exclamation point at the end of the password) and it’s memorable. For example, you might want to place it in the middle of your nonsense word by your capital letter: zyppYp!op

Step 4

Add a numeral. Make it at least two numbers, since some sites require two. You can base this off a rule or pick something arbitrary. Just don’t make it 69 or 420 or the year you were born or graduated.

Example: zyppYp!op03

Or better yet, shove it somewhere in the middle: zyppYp!03op

Step 5

Add additional rules you can think of. I think anyone would be hard-pressed to figure out your nonsense word, your capitalization rule, and your special character rule. But even so, you should invent one more rule that has nothing to do with anything I’ve talked about here. Be creative, but make sure you can remember how to rebuild your password when you get to a site.

Results: A Memorable, Unique Password for Each Website

I won’t say that this is 100% secure, but the benefits of this password creation method are fourfold:

  • You can remember it. No need to write down your passwords or save them on a local or server-based hard drive. If you need help remembering your rules for the first few days, write them down on an index card and stuff it in your wallet. Shred it once you have it figured out.
  • You’ll have a unique password for every website. Well, it’s only unique to a piece of hacking software—it’ll all be the same to you. This stops people from guessing your Gmail password and then using it to log in to your bank account, your online poker account, and your Etsy store. E.g.:
    • Gmail.com: zyppYp!03op
    • Facebook.com: zyppypoP!03
    • Aol.com: zyP!03pypop
    • Twitter.com: zyppypO!03p
  • Your passwords will have uppercase and lowercase letters, numerals and special characters in them. This is a minimum requirement for most secure websites.
  • The password is easy to change. Say, you could keep the nonsense word but change the numeral or special character. Or you could keep all your other personal rules and change the nonsense word.
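The rules from Steps 2 to 4, written out as an added Python example (not code from the original article). It uses the placement shown in the Facebook, Aol and Twitter examples, with "!03" directly after the capitalized letter; the wrap-around for site names longer than the nonsense word and the function names are assumptions. `edit_distance` lets you check how many characters actually separate two sites' passwords before you rely on a rule.

```python
import re

WORD = "zyppypop"   # nonsense word from the article's example
INSERT = "!03"      # special character + numeral from Steps 3 and 4


def site_letters(domain: str) -> int:
    """Count the letters in the site name, i.e. the part before the first dot."""
    name = domain.split(".")[0]
    return sum(ch.isalpha() for ch in name)


def derive(domain: str, word: str = WORD, insert: str = INSERT) -> str:
    """Capitalize the n-th letter of the word and put the insert right after it."""
    n = site_letters(domain)
    if n == 0:
        raise ValueError(f"no letters in site name: {domain!r}")
    # Assumption (not in the article): wrap around when the site name
    # has more letters than the nonsense word.
    idx = (n - 1) % len(word)
    return word[:idx] + word[idx].upper() + insert + word[idx + 1:]


def meets_policy(password: str) -> bool:
    """Check for upper case, lower case, a digit and a special character."""
    patterns = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return all(re.search(p, password) for p in patterns)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


if __name__ == "__main__":
    for site in ["Facebook.com", "Aol.com", "Twitter.com", "Wikipedia.org"]:
        pw = derive(site)
        print(f"{site:14} {pw:12} policy_ok={meets_policy(pw)}")
    print("edits between Facebook and Twitter passwords:",
          edit_distance(derive("Facebook.com"), derive("Twitter.com")))
```

Passing `insert=""` reproduces the Step 2 results (zypPypop for Mint.com, zyppYpop for Gmail.com).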

If you have any other ideas for creating secure, memorable passwords, please share them in the comments below.

[Key Flickr image used under Creative Commons license. Credit: jakeliefer]

Learn about secure mail keys and why you’ll need one to access your AT&T email from a desktop program or email app without Open Authentication (OAuth).

AT&T email app security to update soon

Act now to avoid email hiccups

Do you use a desktop program or a mobile app to access and manage your AT&T email? If so, we suggest you use one with Open Authentication (OAuth) technology, which encrypts your username and password. Learn about OAuth and find out if your app uses OAuth.

If your email program or app doesn’t have OAuth technology, it will only be able to access your AT&T email program or app using a 16-character secure mail key. Be sure to use myAT&T to create a secure mail key for each of your AT&T email addresses and subaccounts, so you can continue to:

  • Access your AT&T email with your favorite email apps
  • Synchronize other account info, such as your calendar and contacts, to your email app

Create a secure mail key

Additional secure mail key notes

Learn how to switch to an OAuth email app and avoid secure mail keys
For step-by-step instructions to set up or update your email account in several popular email apps, use our Troubleshoot & Resolve Tool.

Review email apps on all your devices
Check the email apps you use on each of your devices to see if they use OAuth technology. If they don’t, we suggest you switch to an OAuth email app. Otherwise, you’ll have to set up a secure mail key to use with your non-OAuth email apps. Learn more about OAuth email apps

Get one secure mail key for each email address
Every AT&T email address, including each subaccount, must have its own secure mail key if you want to use it with an email app that isn’t OAuth compatible.

Access your AT&T email account without an OAuth mail app or secure mail key
You can always read and manage your email through a Web browser at currently.com. Use your AT&T email and password.

Remember that a secure mail key won’t affect your AT&T email password
You’ll still use the same password you currently use for your AT&T email account in OAuth-compatible apps, myAT&T, other AT&T products like currently.com and webmail. And, when you change your AT&T email password, you won’t need to get a new secure mail key.

Keep your secure mail key as long as you like
Secure mail keys never expire.

Create a new secure mail key for a blocked or locked account
For safety reasons, we delete secure mail keys whenever we have to lock or block your account. If that happens, you’ll have to create a new secure mail key for each AT&T email address.

Give your secure mail key a nickname
We suggest you create a nickname to identify your secure mail key, especially if you have more than one. It’s much easier to recognize a nickname, like Ari’s email or Kelly’s email, than the 16 random characters you entered when you set up your email.