11 Ways People Remember Passwords (Analyzed and Explained)

Did you know that 53% of people rely on their memory to manage passwords? Over half of all internet users don't use any tool to remember passwords.

Based on research conducted by NordPass in 2021, it is estimated that the average internet user has more than 100 passwords. To keep track of these passwords using their memory is no easy task.

I've gathered and analyzed the most common 11 ways people use to remember their passwords. Let's dive in!

1. Use the same password on all websites

Did you know 51% of people use the same password for all their accounts? While this is not a good practice, it makes sense that it's very popular. Remembering different passwords is hard and takes time.

It's like putting all your eggs in one basket. If someone gets your password, they can access all your accounts and data. This includes sensitive or private information, personal messages, and bank or credit card accounts.

How complicated is this?

This is the simplest way to remember your passwords since you only have 1 to remember. You create one (preferably very strong) password and use it on all websites.

How safe is this?

Using the same password on all websites is not safe. While it is better than using `123456`, `password1`, `qwerty`, or similar passwords, you are exposed to data breaches that you cannot control. This might get you hacked overnight, on all accounts.

Cybercriminals can get your very strong password from a security breach. A security breach is when an old or insecure website is hacked and all the emails and passwords are leaked.

For example, in the “Collection 1-5” data breach of January 2019, 2.2 billion unique emails and passwords were exposed. Cybercriminals can (and probably already did) simply get an email and password from that list, and try it on important websites like Google, Facebook, banks, and so on. If you happen to use the same password on all websites, you just got hacked big time!

How do you make this safer?

There is a way to reduce the risk of not being hacked while using this method, but it's not foolproof.

Use a very very strong password. You can pick a randomly generated password like `d3v#nC$^EN3y` (don't use this exact one) or create a memorable, sentence-type password, like `That monkey has 3 hands. Wow!`. Again, please don't use these exact passwords, but create your own using these as an example.

2. Create a strong password and use the website name

This method starts with a strong password, like `d3v#nC$^EN3y`. For each website add the name to the password and you get: `googled3v#nC$^EN3y`, `facebookd3v#nC$^EN3y`, `twitterd3v#nC$^EN3y`, and so on.

How complicated is this?

This method is rather simple, as you only have to remember the one strong password. For each website, you just add the name, and voila!

How safe is this?

While this is a little safer than using the exact same password, a person or a well-trained AI can easily guess your other passwords if one of them gets leaked. Remember that if you can follow a pattern to remember your password, a hacker can, as well.

How do you make this safer?

You could replace letters with numbers, like `g00gl3d3v#nC$^EN3y` or `f4c3b00kd3v#nC$^EN3y`, but you run in the same problem as above. If you use a predictable pattern, a hacker can guess your passwords easily.

The best way is to pick a few random letters from each website name. like `gogd3v#nC$^EN3y`, `facebkd3v#nC$^EN3y`, `twtrd3v#nC$^EN3y`. Make sure it's random, not just removing vowels, and it should be safe enough. However, you will have to remember which letters you pick for which website.

3. Create a handful of strong passwords and use them on account groups

In this method, you need to remember a few passwords, usually 3. Pick a very strong password for the most important websites (like governmental, bank, email), pick another strong password for important websites (social media, shops, Netflix), and use another password for websites you don't care about.

• A very strong password for very important or critical websites would be `d3v#nC$^EN3y` or `That monkey has 3 hands. Wow!`.
• An easier to type, reasonably strong password for important websites (with a credit card) would be `ruMEgubir%59`.
• An easier to type, reasonably strong password for websites that you don't care about would be `I like 3 ducks!`.

How complicated is this?

This method is easy, as you have to remember just a few passwords. Considering you will also write them a lot, you should memorize them in no time.

How safe is this?

This method is reasonably safe. All the passwords you use should not be guessable, so the only way to get hacked is by a breach. Usually, small and insecure websites get breached, so the only risky password is the "websites you don't care about" password. Even if this is exposed, your important account should be safe.

How do you make this safer?

The most important thing here is to keep the important passwords safe. Never share them with anybody and change them yearly or so.

Another thing is to make sure you never use the important password on crappy websites or the "websites you don't care about" password on important websites. This will save you if the "websites you don't care about" password gets leaked.

4. Memory Associations

Memory associations are a great way to make learning faster and easier. By connecting new information to what we already know, it becomes easier to recall. This process is known as "association". Whenever we wish to memorize something, we can associate it with something that is firm in our memory and make it easier to recall.

Let's say that you first heard about Facebook while skiing and on that trip you ate some bad seafood. This would be a memory that you won't forget soon. Now, let's turn it into a password, like this: `seafood&ski=2bad`.

You would do this for all websites, finding things that they remind you of and creating passwords from them. Make sure you use personal memories, not general facts. For example, everybody remembers the Facebook logo is blue, so a password about a blue face is easy to guess.

How complicated is this?

Creating a password with this method is not very complicated. In a min or 2 you can create an easy-to-write and remember a password for a new website. The problem is that you have a lot of websites and passwords, so this gets tedious very fast.

Also, if you don't have strong memories about a brand, you might not have a memory association to use.

How safe is this?

This method is quite safe. Considering that the passwords are different for each website, a password breach on one website will not be a problem for the other accounts. Because you create passwords with more than 10 characters, containing numbers and symbols, hackers cannot crack your password. At least not in your lifetime.

How do you make this safer?

This method is safe enough. Just make sure you create strong passwords (long and include numbers and symbols).

5. Rhyming

Rhyming can help us remember things better. This is because when something rhymes, our brains encode it more easily. It's like when we hear a song and remember the lyrics easily because of the pattern in the words.

This method is best suited for kids, as it brings some fun in the boring world of passwords.

You can use words that rhyme with the website name and create silly & short sentences, like `i cook on Facebook` or `Twitter is bitter`. Just add some numbers and symbols, and you're good to go!

Another way, that is better suited for kids, is to invent words and use those as the password. For example, Google rhymes with "woogle" and a good password would be `#WOOgle w00gle`.

How complicated is this?

This depends on your imagination. Also, not all websites have good rhymes (like Google or Amazon). This may make it difficult to create memorable passwords.

How safe is this?

If you add numbers and symbols, this is very safe as you create unique passwords for each website.

How do you make this safer?

Don't use very obvious rhymes and popular rhymes such as "meet and greet", "walk the talk", "name and shame", and so on.

6. Memory Palaces

A memory palace is a place where you can store memories by creating a story. This could be a place that you know really well, like your house, or a place that you've never been to before. You can go back to your memory palace whenever you want to remember something that happened there.

You can use a memory palace to remember passwords. For example, you could think of a place that you know really well - like your house. Now start creating a story of you walking inside the house and finding clues about your passwords.

"I open the front door and take off my jacket. On the coat rack, a blue unicorn looks at me. It knows the answer to the universe, so it has 42 horns. Being a badass unicorn, it has a big "f" tattooed on his forehead."

With this story, your Facebook password would be `Unicorn42#badass`.

How complicated is this?

This technique is rather complicated, as you need to create and rehearse your memory palaces from time to time. In the Remembering space, Memory Palaces are regarded as high-level techniques and you can use one to store 50 passwords or so!

How safe is this?

This method is very safe. You use your imagination to create un-guessable and different passwords. Hackers will have a hard time trying to crack them.

How do you make this safer?

Make sure you create long passwords that include numbers and symbols. This also works well with sentence-type passwords which are very strong.

7. Spaced Repetition

Spaced repetition is a learning technique that helps you remember things for a longer time. You review things multiple times, but with gradually longer intervals in between each review.

This can be used to help you remember passwords. You start with a stack of post-it notes and on one side write the name of the website and the password on the other. You have just created a stack of cards. Start reviewing these daily, then once every other day, and so on.

This technique can be used to learn the kanji (Japanese characters). If it works for 2000+ random scribblings, it certainly works for a hundred or so passwords.

How complicated is this?

Spaced Repetition is not complicated, but it takes a little bit of time. However, this time get's shorter the more you do this. In the end, you probably only need to review your password cards once every month or so.

How safe is this?

This is as safe as your passwords. Remembering `password123` will not keep you safe, but using different and strong passwords will.

How do you make this safer?

Make sure you create unique and long passwords that include numbers and symbols.

8. Muscle Memory

Your muscles remember what you have done before. When you do something again, your muscles remember it better. This is helpful when you are learning something new because you can do it more easily the next time.

In the context of password learning, this just means typing your passwords regularly and you will remember them easier.

How complicated is this?

You are already doing this. Just keep typing your passwords when you login into different applications. The end result is to type the password without actually thinking about it.

How safe is this?

This technique is as safe as your passwords. By using and remembering strong passwords you can stay safe online. On the other hand, using and remembering weak passwords like `111111` will get hacked pretty soon.

How do you make this safer?

Make sure you create long and unique passwords that include numbers and symbols.

9. Write passwords in a document or app

This technique is self-explanatory. You have a document on your laptop or Google Drive, Dropbox, iCloud, or a notes app and you write your passwords there. Whenever you need a password, you open the document, search for the website name and copy the password from there.

How complicated is this?

Since you already use documents and apps, this is very simple. Just create a document and start adding passwords.

How safe is this?

This is one of the worst ways to keep your passwords. Cybercriminals are experts in stealing online documents, especially not-encrypted ones. Once this happens, your passwords are there, probably with the website name, and the hacker can just have their way with your accounts.

How do you make this safer?

The weakness of this method is that the entire document can be easily stolen by hackers. You can remove the website and email from the document and only have a list of passwords, but this will not help much. Your email is quite public these days, or easily guessable from your name.

For a hacker, having a list of 100 possible emails and 100 possible passwords means a few seconds (at most) until they access your accounts.

If you use this method, I recommend you switch to the paper notebook instead of the document. That method is way safer.

10. Write passwords in a notebook

This might be one of the oldest ways to remember passwords, but it's still a good alternative in 2022.

You buy a small notepad and write down all your passwords alongside the website you use them on. When you need one, just browse through the notebook and find the correct password.

How complicated is this?

This method is trivial. Assuming you know how to write and are able to buy a notebook, you're good to go.

How safe is this?

While it may be counter-intuitive, this method is quite safe. Hackers can't get your notebook via the internet. You are, however, susceptible to theft. If someone steals your password notebook, they have access to all your accounts.

How do you make this safer?

Keep your notebook at home and don't take it with you. Try to remember a handful of passwords that you use on the go so you don't need it all the time.

Also, as with anything password-related, use unique and long passwords with numbers and symbols to stay safe online.

11. Use a password manager

A password manager is an app that you can download on your phone or laptop. When you need to log in, it will show all the passwords from the password manager (for that website) and you can choose one.

For safety, the password manager has a "master password" you need to remember to open it. On phones, you can also use Fingerprint or Face ID for this.

How complicated is this?

It's quite simple. You install one app, add all the passwords to it and you're done. Whenever you create a new account, the password manager will suggest you a new secure password and save it for you automatically.

How safe is this?

By using a quality password manager, this is the safest and most convenient way to store your passwords. There were some password managers that got hacked, but because your passwords are encrypted, they are usually safe.

How do you make this safer?

Firstly, use a strong master password. Make sure it's long, unique, and contains numbers and symbols. Don't share this password with anyone! All your other passwords depend on the safety of this one.

Secondly, use a quality password manager. By getting a paid one, you help the company keep it safe day by day.

If you want a recommendation for a password manager, check out NordPass. It's easy to use, not very expensive, and, most importantly, it's the one I use day by day. After checking out a few password managers, NordPass is the one I like most and recommend it to my friends and family.