Why You Need a Secure Way To Remember Passwords
Passwords are the first — and sometimes only — line of defense against hackers.
When you use strong and unique passwords for every account, you are much less vulnerable to account takeovers and losing sensitive information that could be used to steal your identity.
Unfortunately, few people have secure systems in place to help them protect and remember their passwords. According to recent surveys:
- 53% of people rely solely on memory to manage their passwords [*].
- 51% of people reuse the same passwords for work and personal accounts.
- 23 million account holders use the password “123456” [*].
Even worse, strong and complex passwords are being leaked onto the Dark Web almost daily due to data breaches at major companies, including PayPal, Twitter, and Facebook.
And in February 2023, news spread that hackers had stolen data center login credentials from some of the world’s biggest companies, including Apple, Microsoft, and Goldman Sachs [*].
If you reuse passwords (or are unaware that they’ve been leaked), this can jeopardize the security of your most sensitive online accounts — including your banking, email, and social media accounts.
How To Remember Passwords That Hackers Won’t Guess
The longer a password is, the harder it is for cybercriminals to crack, but this also makes it harder for you to remember.
According to cybersecurity researchers, a 10-character password with a mix of uppercase and lowercase letters, numbers, and symbols can take five months to crack, while a 12-character combination could take up to 34 years [*].
Unfortunately, long, complex, and random passwords are nearly impossible to remember.
1. Combine random words to form a strong password
It’s not easy to remember passwords that consist of a random string of characters and numbers. As a workaround, many people use substitutions — like “pa$$word” — that are easy for hackers to guess or crack with a brute-force attack.
As a more secure alternative, use the “three random words” method to create secure passwords that are easier to remember.
How to create a strong password with the “three random words” method:
- Choose three (or more) unrelated words. Ideally, they should have no obvious link — for example, “computerhorselisbon.”
- Make it more secure by adding numbers and characters. One easy-to-remember tactic is to separate the words with numbers — for example, “computer5horse3lisbon!8.” You can also add special characters to ensure compliance, such as "computer!5horse!3lisbon!8."
- Get ideas from a random password generator. Bear in mind, however, that it may not be safe to rely 100% on the outputs of these public apps. It’s safer to combine ideas that the apps generate. For instance, generate three separate passwords, and create your unique phrase by taking one word from each suggestion.
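The recipe above, sketched in Python as an added example (not part of the original article or any Aura product): it picks the words with a cryptographically secure random source instead of by hand and estimates how hard the result is to guess. The word list, symbol set, and function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for the demo. In practice, load a large list
# (for example, the 7,776-word EFF diceware list) from a local file.
SAMPLE_WORDS = ["computer", "horse", "lisbon", "anchor", "velvet", "copper",
                "meadow", "rocket", "pillow", "garden", "tunnel", "walnut",
                "breeze", "candle", "oyster", "ladder"]
SYMBOLS = "!#%&*?"      # assumed symbol set
DIGITS = "0123456789"


def make_passphrase(words=SAMPLE_WORDS, n_words=3):
    """Return word-digit-word-digit-word-symbol-digit, like computer5horse3lisbon!8."""
    if n_words < 3:
        raise ValueError("use at least three words")
    parts = []
    for i in range(n_words):
        # secrets.choice draws from the OS CSPRNG, unlike random.choice.
        parts.append(secrets.choice(words))
        if i == n_words - 1:
            parts.append(secrets.choice(SYMBOLS))  # symbol after the last word
        parts.append(secrets.choice(DIGITS))       # one digit after every word
    return "".join(parts)


def entropy_bits(wordlist_size, n_words=3):
    """Bits of entropy when every part is picked uniformly at random."""
    return (n_words * math.log2(wordlist_size)
            + n_words * math.log2(len(DIGITS))
            + math.log2(len(SYMBOLS)))


def random_chars_bits(length, alphabet_size=94):
    """Entropy of a fully random password over printable ASCII (94 symbols)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(make_passphrase())
    for n in (3, 4, 5):
        print(n, "words from a 7,776-word list:", round(entropy_bits(7776, n), 1), "bits")
    for length in (10, 12):
        print(length, "random characters:", round(random_chars_bits(length), 1), "bits")
```

With a 7,776-word list, three words in this pattern give about 51 bits, less than a fully random 10-character password (about 66 bits), while five words give about 84 bits. These figures hold only when the words are picked at random, not chosen by a person.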
2. Use memorable, long passphrases instead of overly complicated passwords
The Federal Bureau of Investigation (FBI) advises people to use longer passphrases instead of short, complex character strings [*]. This approach allows you to create longer, stronger passwords that are easier to remember.
How to create a password with passphrases:
- Start with a common phrase. For example, let’s say that the “grass is always greener” is one of your favorite expressions.
- Change some letters to uppercase. Now, change the phrase to “tHE graSS IS alwaYS GreenER.” Note that you shouldn’t only capitalize the first letter of each word, as that’s too obvious.
- Replace some of the letters with similar-looking numbers and tack on a few extra characters. For example, this phrase could be changed to “tHE%gr4SS%15%alwaYS%Gr33nER.”
3. Create passwords out of abbreviated song lyrics or quotes
You can take the passphrase concept a step further by abbreviating every word in the phrase. Even if somebody discovers your favorite quote or poem, it’s unlikely they will guess the abbreviated form that you use for a password.
How to create passwords with abbreviated passphrases:
- Start with a phrase that is meaningful to you. It could be a song lyric, a line from a poem, a movie quote, or a passage from a book.
- Abbreviate the words in the phrase. You can create a password from the first letter (or first two letters) of each word in the sentence. For example, imagine your passphrase was the line from the movie, Interstellar: “We've always defined ourselves by the ability to overcome the impossible.” Your password could be: “WeAlDeOuByThAbToOvThIm.”
- Avoid common phrases, famous quotations, and well-known song lyrics. The key here is that the password must be meaningful to you — but impossible for somebody else to guess. Don’t choose something too popular or mainstream.
4. Create passphrases that include words from different languages
By mixing up words from other languages, you can add another level of complexity to your credentials. You should use words that you know well.
How to create a password with non-English words:
- Start with one of the methods above. For example, use three random words or a passphrase based on a quote or passage from a book.
- Replace or add words in a different language. For example, if your passphrase is “Dogs!Wine2Travel,” you could change it to: “Dogs!Vino2Travel.”
- Make sure it’s not an obvious substitute. If your partner has a non-English name, don't use that. Similarly, stay clear of common crossover phrases, like "carpe diem" or "déjà vu," etc.
5. Store your passwords in a secure password manager
Using password managers is by far the best way to create complex passwords that you won’t forget. These applications store your account credentials in a secure digital vault so that you can access them whenever you need to.
Every time you visit a site for which you have an account, a password manager can automatically input your username and password. Instead of trying to remember numerous individual passwords for every account, you only have to remember one master password for the password manager vault.
As an added bonus, Aura’s password manager can warn you if your password has been leaked, is too weak, or if you’re trying to enter it on a fake website.
How to store your passwords in a secure password manager:
- Choose a password manager. Look for an application that works across all of the devices and browsers that you use. Aura’s award-winning identity theft protection service comes with a robust password manager that encrypts all of your password data and works across iOS and Android devices, as well as most major browsers on Mac and PC computers.
- Create a strong master password. Password managers use a single “master” password to access your secure vault. Use one of the methods above to ensure that your master password can’t be cracked. Whatever you do, don’t reuse passwords from another account as your master password.
- Use your password manager. You can create and store more complex passwords for every account. The autofill feature makes it easy to log in quickly. Also, you will get alerts if you have duplicate passwords so that you can make one-click changes to update any compromised accounts.
How To Recover a Forgotten Password
If you’re trying to access an account and are locked out or can’t remember your password, you may need to reset your password.
Here’s how you can recover a forgotten password (using Gmail as an example):
- Visit the Gmail login screen on your device. Enter the name of the account that you want to recover, and select “Next.”
- When prompted for your password, select “Forgot password?”
- Next, Gmail will guide you through the various authentication methods (depending on what is set up on your account). For example, the system may send a push notification or text message to your phone to ensure a hacker isn’t trying to access your email account.
- If you can’t pass the two-factor authentication (2FA) method, select “Try another way” in the bottom-left corner of the window. As a last resort, Google can send a confirmation text or call to the recovery phone number listed on your account.
- When you’re able to successfully verify your identity, Gmail will ask you to set a new password. Use one of the methods above to create a new, strong password that you’ll remember.
If you can’t access the account through any 2FA method, you can provide an alternative email address to which you have access. Google will need time to assess your problem and then get in touch to help you recover your account.
The process for recovering your Facebook account is similar to the one above. Whatever the app or platform is, you’ll need to follow the in-app instructions to pass multi-factor authentication (MFA) and create a new password.
Don’t Ignore Password Safety
It’s almost impossible to remember all of your passwords — especially if you’re following best practices for complex and unique passwords.
Simpler methods like using passphrases or mnemonics make it easier to remember your passwords. But the best way to keep your accounts safe is by using an all-in-one digital security solution.
With Aura, you get:
- A secure password manager to help you create and store unique, complex passwords for every online account. On some sites, you can even automatically update your password with a single click.
- VPN and Antivirus software to protect your devices against malware, spyware, and ransomware threats by using military-grade encryption and Wi-Fi protection.
- 24/7 three-bureau credit monitoring (Experian, Equifax, and TransUnion) with rapid fraud alerts that are up to 250x faster than competing digital security providers.
- Award-winning identity theft protection to monitor your most sensitive information — including your Social Security number (SSN), passport, driver’s license, phone number, and more.
- Dark Web monitoring that scans the deepest reaches of the internet in near real-time and alerts you if any of your personal information is exposed.
- $1,000,000 insurance policy to cover eligible losses due to identity theft, such as stolen money, credit cards, and passports.