ProtonBlog(new window)
Subscribe by RSS

How to create strong passwords you’ll actually remember

Douglas Crawford(new window)

Share this page

If there’s one thing protecting your personal, financial, and professional information from hackers, it’s your password. Reusing weak passwords is the main culprit in countless data breaches, even though it’s an extremely simple problem to fix.

In this article, we discuss why you need to use a different strong password for each account, and also how to create and remember them. The biggest obstacle is the human brain: It’s not designed to remember truly strong passwords, let alone unique ones for each of the many services you use.

Fortunately, this is exactly the kind of thing computers are very good at. The best way to create and remember strong passwords is to let a good password manager do it for you.

Why you should use strong passwords

The need for strong passwords should be obvious to everyone, but the almost daily reports of catastrophic data breaches(new window) suggests not everyone is taking action to improve their account security.

Strong passwords help to secure your personal information, such as your name, address, phone number, and more, which could otherwise be used for identity theft or fraud. For online banking, shopping, or any financial transactions, they are critical in preventing unauthorized access to your financial details like credit card numbers, bank account information, and transaction history.

In a professional setting, strong passwords help protect sensitive company information, including client data, proprietary research, and internal communications from being compromised.

Hackers often use brute force attacks, where software is used to generate a large number of guesses to crack passwords. Strong, complex passwords are much harder for these programs to guess before security measures lock the account. They also help prevent dictionary attacks that run through a database of common words and phrases to guess passwords.

Many people reuse passwords across multiple accounts. Using a strong, unique password for each account ensures that if one account is compromised, your other accounts remain secure.

How to create and remember strong passwords

Before we talk about password managers, here are some principles to understand the security recommendations for passwords.

What makes a strong password?

Strong passwords have high entropy.(new window) This is a way to measure how unpredictable your password is. Here are some key factors in password entropy:

  1. Length: Aim for at least 12 to 15 characters. Longer passwords are generally stronger.
  2. Complexity: Use a mix of letters (both uppercase and lowercase), numbers, and symbols.
  3. Avoid predictability: Don’t use easily guessed passwords like “123456”, “password”, or “qwerty”. 
  4. Avoid personal information like birthdays, names of your pets or loved ones, or anniversaries.
  5. Uniqueness: Each of your accounts should have its own distinct password. If you reuse a password across multiple services, then a data breach on one service can result in hackers gaining access to all the other services secured with the same password. 

Use a mnemonic device

Unfortunately, while passwords such as h9!fdjhGH68%J@ are secure, they’re not easy (for humans) to remember. One way to address this is to think of a phrase or sentence that’s easy for you to remember. For example, “My first car was a Toyota in 2009!”.

You can then turn your phrase into a password by using the first letter of each word, mixing in numbers and symbols. From the example above, the password could be “MfcwaTi2009!”.

The final step in creating a successful mnemonic device is to associate your password with a mental image to help remember it. For instance, picturing your first car and the year you got it can trigger the memory of your password.

Use a random passphrase

Another option is to use a string of random but memorable words. For example, “Blue Tiger Pizza Rainbow” (keeping the spaces between words, as these add complexity). A great low-tech tool for manually helping to create this kind of random passphrase is Diceware(new window), or you can let Proton’s password generator do the work for you. All Proton Pass apps can also generate strong random passphrases.

XKCD comic

As the above XKCD comic(new window) explains, Diceware-style random passphrases are both secure and easy to remember.

Employ memory techniques

Once you’ve created a suitably complex password or passphrase, you can use memory aids to remember it. These include:

  • Repetition: Type your new password several times when you first create it to help embed it in your memory.
  • Visualization: Imagine the elements of your password in a story or picture. For “Blue Tiger Pizza Rainbow”, you might visualize a blue tiger eating pizza under a rainbow.
  • Regular use: Regularly log in to the site using the password instead of relying on autofill. This helps reinforce memory through frequent use.

The real solution: use a good password manager

You should now be able to create a strong password that you can remember. However, you need a different strong password for each and every service you use. In practice, this is all but impossible for humans to do without resorting to using tools.

Password managers such as Proton Pass are apps that can generate and remember unlimited secure passwords (or passphrases) for you. Most are cross-platform and can automatically sync your passwords across all your devices, so you can access them easily no matter where you are or which device you’re using. 

The Proton Pass app can generate secure passwords and passphrases

With a password manager, you only need to create and remember a single master password that you use to access all your other passwords. And because you need only remember a single password, you should be able to use the techniques outlined above to create a very strong one. 

Try Proton Pass

Proton Pass is a free and open source password manager from the team behind Proton Mail, the largest and most trusted secure email service in the world. With Proton Pass, your passwords are end-to-end encrypted at all times, so even we can’t access them.

Our apps for web, Android, iPhone, and iPad have a unique combination of features:

  • Autofill for easy sign-in to websites and mobile apps.
  • Support for not just your usernames and passwords, but also for end-to-end encrypted notes and credit card information.
  • Integrated two-factor authentication. Our apps can generate and autofill 2FA codes, making it easy to further secure your online accounts.
  • Hide my email aliases that allow you to protect your identity when signing up for online services and to easily disable annoying emails from them.
  • Secure password sharing. Which allows you to categorize and safely share your login information, payment details, and notes with your family, friends, and co-workers.
Learn more about Proton Pass

Final thoughts

Strong passwords are a fundamental aspect of cybersecurity. They act as the first line of defense against unauthorized access, protecting sensitive personal, financial, and professional data. 

As cyber threats grow more sophisticated, the importance of using strong, unique passwords across different accounts cannot be overstated. 

However, the only way to use strong passwords across your multiple web services is to use a safe password manager (such as Proton Pass). This allows you to secure your digital life while only needing to create and remember a single strong password or passphrase. Your password manager will take care of the rest. 

Protect your privacy with Proton
Create a free account

Related articles

chrome password manager
You likely know you should store and manage your passwords safely. However, even if you are using a password manager, there’s a chance the one you’re using isn’t as secure as it could be. In this article we go over the threats some password managers
sensitive information
We all have sensitive personal information we’d all rather not share, whether it’s documents, photographs, or even private video. This article covers how to handle sensitive information or records, and what you can do to keep private information priv
Social engineering is a common hacking tactic involving psychological manipulation used in cybersecurity attacks to access or steal confidential information. They then use this information to commit fraud, gain unauthorized access to systems, or, in
is whatsapp safe for sending private photos
WhatsApp is the world’s leading messaging app, trusted by billions of people around the globe to send and receive messages. However, is WhatsApp safe for sending private photos? Or are there better ways to share photos online privately? Let’s find ou
passwordless future
With the advent of passkeys, plenty of people are predicting the end of passwords. Is the future passwordless, though? Or is there room for both types of authentication to exist side-by-side?  At Proton, we are optimistic about passkeys and have int
At Proton, we have always been highly disciplined, focusing on how to best sustain our mission over time. This job is incredibly difficult. Everything we create always takes longer and is more complex than it would be if we did it without focusing on