Proton
Подписаться на RSS-канал

How to create strong passwords you’ll actually remember

Douglas Crawford

Поделиться этой страницей

If there’s one thing protecting your personal, financial, and professional information from hackers, it’s your password. Reusing weak passwords is the main culprit in countless data breaches, even though it’s an extremely simple problem to fix.

In this article, we discuss why you need to use a different strong password for each account, and also how to create and remember them. The biggest obstacle is the human brain: It’s not designed to remember truly strong passwords, let alone unique ones for each of the many services you use.

Fortunately, this is exactly the kind of thing computers are very good at. The best way to create and remember strong passwords is to let a good password manager do it for you.

Why you should use strong passwords

The need for strong passwords should be obvious to everyone, but the almost daily reports of catastrophic data breaches(new window) suggests not everyone is taking action to improve their account security.

Strong passwords help to secure your personal information, such as your name, address, phone number, and more, which could otherwise be used for identity theft or fraud. For online banking, shopping, or any financial transactions, they are critical in preventing unauthorized access to your financial details like credit card numbers, bank account information, and transaction history.

In a professional setting, strong passwords help protect sensitive company information, including client data, proprietary research, and internal communications from being compromised.

Hackers often use brute force attacks, where software is used to generate a large number of guesses to crack passwords. Strong, complex passwords are much harder for these programs to guess before security measures lock the account. They also help prevent dictionary attacks that run through a database of common words and phrases to guess passwords.

Many people reuse passwords across multiple accounts. Using a strong, unique password for each account ensures that if one account is compromised, your other accounts remain secure.

How to create and remember strong passwords

Before we talk about password managers, here are some principles to understand the security recommendations for passwords.

What makes a strong password?

Strong passwords have high entropy. This is a way to measure how unpredictable your password is. Here are some key factors in password entropy:

  1. Length: Aim for at least 12 to 15 characters. Longer passwords are generally stronger.
  2. Complexity: Use a mix of letters (both uppercase and lowercase), numbers, and symbols.
  3. Avoid predictability: Don’t use easily guessed passwords like “123456”, “password”, or “qwerty”. 
  4. Avoid personal information like birthdays, names of your pets or loved ones, or anniversaries.
  5. Uniqueness: Each of your accounts should have its own distinct password. If you reuse a password across multiple services, then a data breach on one service can result in hackers gaining access to all the other services secured with the same password. 

Use a mnemonic device

Unfortunately, while passwords such as h9!fdjhGH68%J@ are secure, they’re not easy (for humans) to remember. One way to address this is to think of a phrase or sentence that’s easy for you to remember. For example, “My first car was a Toyota in 2009!”.

You can then turn your phrase into a password by using the first letter of each word, mixing in numbers and symbols. From the example above, the password could be “MfcwaTi2009!”.

The final step in creating a successful mnemonic device is to associate your password with a mental image to help remember it. For instance, picturing your first car and the year you got it can trigger the memory of your password.

Use a random passphrase

Another option is to use a string of random but memorable words. For example, “Blue Tiger Pizza Rainbow” (keeping the spaces between words, as these add complexity). A great low-tech tool for manually helping to create this kind of random passphrase is Diceware(new window), or you can let Proton’s password generator do the work for you. All Proton Pass apps can also generate strong random passphrases.

XKCD comic

As the above XKCD comic(new window) explains, Diceware-style random passphrases are both secure and easy to remember.

Employ memory techniques

Once you’ve created a suitably complex password or passphrase, you can use memory aids to remember it. These include:

  • Repetition: Type your new password several times when you first create it to help embed it in your memory.
  • Visualization: Imagine the elements of your password in a story or picture. For “Blue Tiger Pizza Rainbow”, you might visualize a blue tiger eating pizza under a rainbow.
  • Regular use: Regularly log in to the site using the password instead of relying on autofill. This helps reinforce memory through frequent use.

The real solution: use a good password manager

You should now be able to create a strong password that you can remember. However, you need a different strong password for each and every service you use. In practice, this is all but impossible for humans to do without resorting to using tools.

Password managers such as Proton Pass are apps that can generate and remember unlimited secure passwords (or passphrases) for you. Most are cross-platform and can automatically sync your passwords across all your devices, so you can access them easily no matter where you are or which device you’re using. 

The Proton Pass app can generate secure passwords and passphrases

With a password manager, you only need to create and remember a single master password that you use to access all your other passwords. And because you need only remember a single password, you should be able to use the techniques outlined above to create a very strong one. 

Try Proton Pass

Proton Pass is a free and open source password manager from the team behind Proton Mail, the largest and most trusted secure email service in the world. With Proton Pass, your passwords are end-to-end encrypted at all times, so even we can’t access them.

Our apps for web, Android, iPhone, and iPad have a unique combination of features:

  • Autofill for easy sign-in to websites and mobile apps.
  • Support for not just your usernames and passwords, but also for end-to-end encrypted notes and credit card information.
  • Integrated two-factor authentication. Our apps can generate and autofill 2FA codes, making it easy to further secure your online accounts.
  • Hide my email aliases that allow you to protect your identity when signing up for online services and to easily disable annoying emails from them.
  • Secure password sharing. Which allows you to categorize and safely share your login information, payment details, and notes with your family, friends, and co-workers.
Learn more about Proton Pass

Final thoughts

Strong passwords are a fundamental aspect of cybersecurity. They act as the first line of defense against unauthorized access, protecting sensitive personal, financial, and professional data. 

As cyber threats grow more sophisticated, the importance of using strong, unique passwords across different accounts cannot be overstated. 

However, the only way to use strong passwords across your multiple web services is to use a safe password manager (such as Proton Pass). This allows you to secure your digital life while only needing to create and remember a single strong password or passphrase. Your password manager will take care of the rest. 

Обеспечьте конфиденциальность своих данных с Proton
Создать бесплатный аккаунт

Поделиться этой страницей
Douglas Crawford

Starting with ProPrivacy and now Proton, Douglas has worked for many years as a technology writer. During this time, he has established himself as a thought leader specializing in online privacy. He has been quoted by the BBC News, national newspapers such as The Independent, The Telegraph, and The Daily Mail, and by international technology publications such as Ars Technica, CNET, and LinuxInsider. Douglas was invited by the EFF to help host a livestream session in support of net neutrality. At Proton, Douglas continues to explore his passion for privacy and all things VPN.

Статьи по теме

proton scribe
en
Most of us send emails every day. Finding the right words and tone, however, can take up a lot of time. Today we’re introducing Proton Scribe, a smart, privacy-first writing assistant built right into Proton Mail that helps you compose and improve yo
en
People and companies are generally subject to the laws of the country and city where they are located, and those laws can change when they move to a new place. However, the situation becomes more complicated when considering data, which can be subjec
en
  • Советы о конфиденциальности
Is your data safe from Google Docs AI scraping?
Your online data is no longer just used for ads but also for training AI. Google uses publicly available information to train its AI models, raising concerns over whether AI is even compatible with data protection laws. People are worried companies
en
  • Советы о конфиденциаль��ости
How to manage passwords on iPhone and improve your security
iPhone stores passwords in iCloud Keychain, Apple’s built-in password manager. It’s convenient but has some drawbacks. A major issue is that it doesn’t work well with other platforms, making it hard for Apple users to use their passwords and passkeys
en
There are many reasons you may need to share passwords, bank details, and other highly sensitive information. But we noticed that many people do this via messaging apps or other methods that put your data at risk. In response to the needs of our com
en
  • Новости о конфиденциальности
How to build privacy-protecting AI
Large language models (LLMs) trained on public datasets can serve a wide range of purposes, from composing blog posts to programming. However, their true potential lies in contextualization, achieved by either fine-tuning the model or enriching its p