
The big problem almost isn't your password itself but the quality of the security storing it. If a company stores all passwords in plain text in an easy-to-access database, your 20 random alphanumeric character password means squat now.

As for passwords themselves, either use a quality password manager or develop your own system for creating unique complex passwords for every important site.
For instance, start every password with a base of 8 characters (this can be a word, numbers, characters or a mix. Just start with 8). Every password will use this same base. Then add 2 words that are relevant to the site but aren't obvious (maybe the company founder's name). Now bring your base back but reverse it and append a number, letter or character.

This (and any system you develop like it) will give you a password that is easy for you to remember, that is unique for every important site and damn near impossible to brute force.

Here is a fantastic comic from XKCD about passwords and entropy.



Massimus - "Trump already has democrat support."
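
The recipe from the post above, worked through as an added example that is not part of the original post: it builds the password for two sites, estimates the keyspace for a blind character-by-character search, and measures which characters repeat across sites, the part a plain-text leak at one site would reveal. The base, site words and trailing character are constructed sample values, the trailing character is assumed to be the same on every site, and the function names are hypothetical.

```python
import math
import os
import string

def build_password(base, site_words, suffix):
    """The post's recipe: base + two site words + reversed base + one character."""
    if len(base) != 8 or len(site_words) != 2 or len(suffix) != 1:
        raise ValueError("expected an 8-character base, two words, one suffix character")
    return base + "".join(site_words) + base[::-1] + suffix

def blind_search_bits(password):
    """log2 of the keyspace for trying every string of this length over the
    printable-ASCII classes present, by an attacker who knows nothing of the recipe."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool)

def shared_affixes(pw_a, pw_b):
    """Lengths of the common prefix and common suffix of two passwords."""
    prefix = len(os.path.commonprefix([pw_a, pw_b]))
    suffix = len(os.path.commonprefix([pw_a[::-1], pw_b[::-1]]))
    return prefix, suffix

# Constructed sample values, not real credentials or real sites.
BASE = "k7#Rm2pQ"
SITE_A = build_password(BASE, ("Harbor", "Lantern"), "!")
SITE_B = build_password(BASE, ("Meadow", "Compass"), "!")

if __name__ == "__main__":
    for name, pw in (("site A", SITE_A), ("site B", SITE_B)):
        bits = blind_search_bits(pw)
        print(f"{name}: {pw}  ({len(pw)} chars, ~{bits:.0f} bits blind search)")
    prefix, suffix = shared_affixes(SITE_A, SITE_B)
    print(f"repeated across sites: first {prefix} and last {suffix} characters")
```

The bit figure covers only a search with no knowledge of the recipe; the repeated prefix and suffix are the same on every site, so only the two site words separate one password from another.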