Method 1: Use a Password Manager
We've mentioned password managers already, and with good reason (hence why we're mentioning them again!). They remove all the effort of creating & remembering lots of unique passwords, and all the passwords they generate are incredibly strong and all different. They keep your passwords safe too.
For more details (and links to popular tools) see our Password Managers page.
Method 2: Create a rule based on the website name
Even without a password manager you can still get away with only needing to remember 1 password - all you need is a simple rule that will slightly change your password to make it unique each time.
First make sure you have a strong base password - use one of the password ideas on the previous page for example.
Next you need to decide on a simple rule to modify it for each website. This could be anything, for example simply adding the first and last letter of the website name to the end of the password.
So if for example you've chosen the base password of Mi40mwoL^tP (taken from the initals of "Manchester is 40 miles west of Leeds over the Pennines"), then:
- For Amazon: Mi40mwoL^tPan
- For Facebook: Mi40mwoL^tPfk
- For eBay: Mi40mwoL^tPey
- For Twitter: Mi40mwoL^tPtr
- and so on...
You may well have your own ideas for making the password unique (eg using the 1st and 2nd letters, including the number of letters in the website name, putting them in the middle of your base password, etc….) – just pick whatever you find easiest to remember and use that.
Of course there are a couple of points to remember:
- It goes without saying that you still need to keep your rule, as well as your base password, secret!
- Don't use a method that is too obvious - eg a hacker might work it out if your password for Amazon was AmaMi40mwoL^tP.
- It's a good idea still to have 2 or 3 base passwords, including one that you only ever use with your most valuable accounts (email for example).
One password and one rule. Easy!
Method 3: Why bother with passwords? Use the password reset!
For unimportant websites which you rarely log into then why even bother trying to think of a password?
The fewer places that you give your passwords to, the less chance there is of any being stolen.
If a site which you don't think you'll ever visit again insists on a password then simply hit lots of keys at random (eg typing "sWe23gRw@h52rfs"). Should you ever find yourself needing to log in again then simply follow the password reset procedures instead.
Resetting your password is normally easy, often requiring you to click on a link in an email (so hopefully you don’t change your email address too regularly!) and/or answering a security question. See our section on giving safe answers to security questions.