How to create secure, memorable passwords

close up of username and password login screen of ipad that woman holds
May 05, 2017 | Paul Brucker and Allison Videtti

Passwords were around long before the Internet age. Military sentries (and speakeasy bouncers) would not let people enter an area unless they spoke the correct password. Now, secure passwords are essential if you want to use the Internet to make online purchases, do your banking, access your email or communicate with friends.

The challenge is creating strong passwords that are complex enough to elude hackers but easy enough for you to remember. Ideally, you’ll have a different – and equally secure – password for each site you use.

Dos & Don’ts for creating secure passwords:

Don’ts

  • Don’t use a word that can be found in the dictionary
  • Don’t use the names of your kids, relatives or favorite sports team, as well as your birthdate, anniversary, graduation date, Social Security number, email address, phone number or car license plate number in your password.
  • Don’t use information that you have posted on social media.
  • Don’t use the same password for multiple sites. (According to BitDefender, an anti-virus company, 75% of people use their email password for Facebook and for financial sites.) In particular, don’t use the same password for multiple financial sites or you risk compromising your finances on all those sites.
  • Don’t leave your passwords out for people to see. That means don’t keep a password list in your wallet, in your desk at work or on easy-to-spot sticky notes. If you must write down a password list, keep it well hidden.

Dos:

  • Visa® recommends creating a password between six and 32 characters.
  • Use a mix of upper and lower case letters, special characters (such as # or *) and numbers.
  • Spell words backward (for instance, Chicago becomes Ogacihc).
  • Use an acronym from a phrase, motto or movie quote that you love (so you'll remember it), and capitalize some of the letters. For example, “Today will be a Great Day for me” becomes TwbaGDfme or TwbaGD4me. 
  • Change your passwords often.
  • Take the first three letters of the site you’re entering and add them to the beginning or end of a strong password. For instance, TwbaGD4me is strong and becomes even stronger when you add more characters, such as TwbaGD4meFac for Facebook and TwbaGD4mePay for PayPal.

Consider using a password manager if you have a lot of passwords to remember. There are lots of choices available for these programs. Then, you’ll need to remember only one password – the one that gets you into the password manager.


You might like

Sign up for our newsletter

Get even more personal finance info, tips and tricks delivered right to your inbox each month.