Password managers

How to create strong passwords you'll actually remember

By Iulian · Published 4 June 2026

Some links on this page may be affiliate links. If you buy through them we may earn a small commission, at no extra cost to you. We only recommend tools we believe are genuinely worth it. Learn more.

Most of us were taught to make passwords like P@ssw0rd!2 — a mix of capitals, numbers and symbols. The problem is that those are hard for humans to remember and surprisingly easy for computers to crack. There’s a better way.

Try it now: our password strength checker shows how long any password would take to crack — and it runs entirely in your browser, so nothing you type is sent anywhere.

What actually makes a password strong

Two things matter far more than fancy symbols:

  • Length. A longer password is dramatically harder to crack than a short, complicated one. Aim for something long rather than something clever.
  • Uniqueness. Every account needs its own password. The strongest password in the world is useless if you’ve reused it on a site that later gets breached.

The “three random words” method

The UK’s National Cyber Security Centre recommends a simple trick: string together three or four random, unrelated words, for example copper-violin-harbour-7. It’s long, it’s easy to picture and remember, and it’s tough to crack. Add a number or symbol if a site insists, but the words are doing the real work.

Avoid the obvious: pet names, birthdays, your football team, or anything someone could find on your social media.

The honest best answer: let a manager do it

Here’s the thing the experts actually do. You only need to remember two or three passwords: the one for your password manager, and maybe your email and device. For everything else, let your password manager generate long, random passwords and remember them for you. You get a unique, uncrackable password on every account without memorising any of them.

The short version: use three random words for the few passwords you must remember, let a password manager handle the rest, never reuse a password, and turn on two-factor authentication on your important accounts.

Not sure a manager is safe? See are password managers safe? Want to know if your current passwords have already leaked? Try how to check if your password has been leaked. More in our password section.