How to Create Strong Passwords That You Can Easily Remember

Many users out there are still using passwords like “123456” or “password” that are easy to hack. We provide you with tips on how to create better alternatives and properly manage your login credentials.

Björn Greif, Editor

[This post has been completely updated and republished several times since its initial publication in 2018.]

Extremely insecure combinations like “123456,” “password,” and “qwerty” are still regularly reported in lists of the most common passwords. Repeated or keyboard patterns like these, as well as terms found in dictionaries, are not a good choice because they can often be hacked in a matter of seconds using automated tools.

The essentials in brief:

  • No repeated or keyboard patterns, and no terms found in dictionaries
  • No reference to personal information (e.g., names or dates of birth)
  • Use a minimum of eight characters — the more, the better
  • Mix of capital and lowercase letters, special characters and numbers
  • A unique password for every service
  • Use a password manager with built-in password generator
  • Use two-factor authentication

Some Basic Tips

Secure passwords should never contain a reference to personal information (for example, names of family members or dates of birth). The recommendation is to use a minimum of eight characters — the more, the better — and these should include a mix of capital and lowercase letters, special characters and numbers. In creating a password, be sure you don’t simply place numbers and common characters like ! or ? at the beginning or end of an otherwise ordinary word.

Passphrases derived from a sentence are relatively secure and easy to remember. You can, for instance, string together the first letters of the words in a sentence, including special characters. When doing so, please do not use a well-known quote or saying. Even better are sentences you think of yourself like “My password has > 10 characters and is only used for my Email Account.” This would then be shortened to “Mph>10caioufmEA”. If you incorporate the service you’re using the password for into the passphrase right from the start, you’ll always know immediately which user account it belongs to.

In creating such a password, however, you should be aware that some special characters might not be available on a foreign-language keyboard or accepted by some websites. You can easily check the security level of a passphrase you’ve created using various online password checkers. But when you carry out this check, do not enter your actual password; rather, only use a password that follows a pattern similar to yours.
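The rules above can also be checked locally, so that no real password has to be typed into an online checker. The following Python code is an added example, not part of the original post; the tiny word list, the keyboard rows and all function names are assumptions made for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed sample data (assumption): stand-in for a real dictionary / common-password list.
COMMON_WORDS = {"password", "qwerty", "welcome", "dragon", "summer"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def initials(sentence):
    """First letter of each word; tokens that start with a digit or symbol are kept whole."""
    return "".join(t[0] if t[0].isalpha() else t for t in sentence.split())


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys of one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of rules the password breaks; an empty list means all passed."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing a character class")
    if re.search(r"(.)\1\1", pw):  # same character three times in a row
        problems.append("repeated character pattern")
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    if any(w in low for w in COMMON_WORDS):
        problems.append("dictionary term")
    # An ordinary word with digits/symbols bolted onto the start or end only.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    if core != pw and core.isalpha() and len(core) >= 4 and (core.islower() or core.istitle()):
        problems.append("word with numbers/symbols only at the start or end")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems
```

Passing the sentence from the example through `initials()` and the result through `check_password()` returns an empty list, while “123456” fails the length, character mix and keyboard pattern rules.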

Use a Password Manager

If you don’t want to come up with a password yourself, you can also use a password generator to randomly create combinations of characters. But these passwords are often difficult to remember. In this case, using a password manager allows you to easily manage all your login credentials. Then you only have to remember one master password that does, however, have to be suitably long and complex. After all, anyone who finds out your master password will automatically have access to all your other login credentials.
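What such a generator does can be shown in a few lines. This Python code is an added example, not part of the original post and not the generator of any product named here; the symbol set is an assumption, chosen as a conservative subset because some special characters are missing on foreign-language keyboards or rejected by websites.

```python
import secrets
import string

# Assumed symbol set for this example: a small subset that is widely typable and accepted.
SYMBOLS = "!#$%*+-=?@_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def has_all_classes(pw):
    """True if pw mixes lowercase, uppercase, digits and symbols."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw))


def generate_password(length=16):
    """Draw passwords from the operating system's CSPRNG until one contains every class.

    Rejection sampling keeps every compliant password equally likely, unlike
    forcing one character of each class into fixed positions.
    """
    if length < 8:
        raise ValueError("use at least eight characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw
```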

The Cliqz Browser for Windows and macOS features an integrated password manager that can be secured using a master password. You will find this in the settings menu Privacy & Security under Browser Privacy. As an alternative, Cliqz supports password manager extensions such as LastPass, Bitwarden and 1Password X. They allow you to generate strong passwords and synchronize your credentials across multiple devices. It must be said, however, that Cliqz has no control over what data these add-ons have access to.

A Unique Password for Every Service

As a general rule, you should never share your password or jot it down on a piece of paper that you keep near your computer. It’s also important to regularly change your login credentials, immediately replace a predefined password with one of your own, and use a different password for each user account. That means never use the same password for multiple web services. This is because you can never be sure that your login credentials are saved securely by the provider.

A hacker who manages to get access to login data is sure to try it out at other services, which could lead to identity theft and financial losses. For additional protection, you should always have the most up-to-date security software installed. This helps prevent the computer from being infected with malware like keyloggers, which can directly extract passwords as they are entered.

Beyond employing complex passwords, use of two-factor authentication is recommended. For the login process, most web services have begun to offer proof of identity using a combination of two independent components. In addition to a password, they usually request a code that is, for example, sent during login as a text message to a smartphone. This method is significantly more secure than just using passwords.