How to Make a Strong Password You Can Actually Remember

Everyone knows they should use strong passwords. Everyone also reuses the same three passwords across twenty sites. The gap between knowing and doing is that strong passwords feel impossible to remember.

Here's the good news: random password generators solve the strength part. And a simple system solves the remembering part.

What makes a password strong

Strength comes from length, not complexity. A 16-character all-lowercase password is harder to crack than an 8-character password with every symbol on the keyboard. Each additional character multiplies the possible combinations exponentially.

A password generator lets you pick the length and character types. For most accounts, 16 characters with mixed case and numbers is plenty. For email and banking, bump it to 20+ with symbols.

The remembering trick

Don't try to memorize random passwords. Use a password manager — Bitwarden is free and open source, and it works on every device. You memorize one strong master password, and the manager handles the rest.

For the master password itself, use four or five random words strung together. Something like "correct-horse-battery-staple" is both strong (44 bits of entropy) and memorable. Add a number and symbol if the site requires them.

The password generator can also create passphrase-style passwords if you prefer that format. Either way, generate a strong password rather than making one up — humans are terrible at randomness.