Use password managers or do it yourself? Our security consultant reveals all

password managers

The number of passwords we’re asked for on the internet these days can often seem overwhelming, so it’s no surprise that many people will often just recycle the same password across multiple websites. Doing this can be dangerous though; if a hacker steals your password from one website they’ll then have the keys to access all your other accounts too.

So how can we create really strong passwords that are unique to each website – and make it so that we can still remember them?

Password managers are one great solution to this problem. These are apps we install on our computer which can manage and remember all the different passwords we ever need. Not only are they easy to use but they can also create incredibly strong passwords – far stronger than any of us can remember ourselves! They help by:

  • Generating extremely strong & unique passwords
  • Saving & remembering the passwords for you
  • Automatically logging you into websites

You just have to create and remember one single master password for accessing the tool, but the password manager then takes care of everything else. Just be sure to take good care of this master password!

For further details on these tools (and links to some popular ones) see’s dedicated Password Managers page.

However, I’m well aware that not everyone wants to use a password manager. Here then are six alternative suggestions.

Alternative 1: Choose 4 random words

One of the most simple (yet strong) password choices is to just throw three or four random words together. As long as it’s at least 12 characters in length and the words don’t have a natural flow to them (as say “MyNameIsDavid” would), then this should make for a very strong password.

Some examples of strong passwords made this way – and how they could be remembered – include:

  • SeattleBooksCoffeePlanes This could be remembered because Seattle is the birthplace of Amazon, Starbucks and Boeing.
  • LeedsWalkCafeWork This works because I can remember: “I live in Leeds, and walk past a cafe on the way to work”.
  • AileronBeerCatDonkey Note the “ABCD” order which can help you to remember this password.
  • BrokersSuitsSharesPorsche You just need to remember that stockbrokers wear posh suits, deal in shares, and own Porsches!

Remember: You should never re-use the same password across different websites; if hackers break into one website they’ll have your password for them all. Create one password, then learn how to make it unique between websites.

Alternative 2: Use entire phrases

use local landmarks to create a password
You can use local landmarks to create passwords, such as “TheDublinerismylocalpub”

If you’d struggle to remember a random sequence of words then how about a phrase instead? Since the words in a phrase flow together it will need to be quite long. Nevertheless, phrases, as long as they’re not obvious or common, can make extremely strong passwords.

You don’t even need to use numbers or symbols. The single best way to make a password strong is simply to make it longer, which a phrase naturally is. How about:

  • I catch the no. 47 bus 2 work
  • Myboysareinthelocalfootballteam!
  • Pizzas taste nicer with pepperoni
  • TheDublinerismylocalpub
  • MiddleLaneRoadHoggersAreIdiots

You can choose whether or not to include spaces between the words, as long as the website accepts them.

Alternative 3: Create a passphrase acronym

Instead of typing out a full phrase why not turn it into an acronym?

For example if you choose the phrase “My daughter was born at Sheffield hospital in 1984”, then by taking the first letter of each word (“Mdwb@Shi1984”) you’ll end up with a password that’s both strong and easy to remember password. Here are some other ideas:

  • IoaVW,wa52p from: “I own a VolksWagen, with a 52 plate”
  • P!Tdh2bd2r from: “Passwords! They don’t have to be difficult to remember”
  • Mi40mwoL^tP from: “Manchester is 40 miles west of Leeds over the Pennines”
  • 05wtyIbmfh! from: “05 was the year I bought my first house!”

These may take a little getting used to typing out, but after a while you’ll probably remember the password itself without even needing to recall the phrase it’s based on.

One important point – make sure it’s at least 8 characters long and not based on a common expression. While Shakespeare himself may approve of “Tbon2btitq”, it’s one that hackers may try because of how popular the phrase is.

Alternative 4: Use the keyboard

hardware keyboards are useful for passwords
Use the keyboard to good effect by using the keys one line above your “real” password

You can use the keyboard layout to good effect when creating a strong password. That said, don’t use patterns of letters from the keyboard, such as asdfghjkl or qwerty, as these are common and easily guessed by hackers. But there are still ways of using the keyboard to good effect.

Start by remembering something simple such as your children’s names, say “JaneCharlie” (make sure it’s at least 8 characters). Your password could then use the keys that lie above and to the right of the letters of your password: Iwj4Fuw5p94

It will be tricky to type at first, but will quickly become second nature.

You could even create your own rule for picking which keyboard keys to use, such as using letters to the left or right of your chosen words.

Be aware when travelling abroad however – some foreign keyboards move certain keys around, especially currency symbols and the @ key.

Alternative 5: Misspellings

Intentionally mispelling words can also create secure passwords if you’re careful about it. Try typing words as they sound, such as:

  • KryingTeers2Nite
  • DubbleTrubbleBubble
  • ILykeCheezBurgurs

You’ll have to be very careful if using this method since word lists that hackers use for guessing passwords include common mispellings (such as “acommodate”), so the more obscure you can make it, the better.

One common mistake to avoid is to use something basic and then substitute similar looking letters (eg an “0” for an “o”, or a “1” for “i”). The resulting password might look secure – and even meet common password rules – but in reality they’re not secure at all.

These, for example, are not secure passwords:

  • M@nch3st3rUtd!
  • P@$$w0rd1
  • L3tM31n

Criminals know about the most common letter substitutions and in some instances can test billions of password variations each second.

Alternative 6: Create a formula

Create a formula as your password
Passwords written as a formula can be very strong and, for some people, highly memorable.

If you’ve got a mathematical mind then basing a password on a formula or other logical statement is yet another option.

Passwords of this form can be very strong as they’re often fairly long and use mathematical symbols that are rarely seen in passwords.

Some examples of these include:

  • Dog+Cat=8legs
  • Children+Xmas=Excitement
  • 2Weeks=14Days
  • 1947-1943=Four (eg using the difference between your parents’ birth years)
  • OneCarHas4Wheels
  • Two+2=4-Zero

READ NEXT: How can I secure my Facebook account?

About the author

Andy Johnson

Andy is an independent cyber security specialist with over 15 years experience of helping to protect his clients from hackers and other online threats. He's also the author of, the web's premier resource for helping you and your family to stay safe online.

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.