Here’s a tip for coming up with determinable, secure*, and unique passwords for any website without wasting any really brainpower. I’ve been using this method for years and it allows to be able to recall hundreds of unique passwords without writing down a single one.

Step 1: Pick a base ‘word’.

This can been anything. A random string of characters or an actual word. Have it be at least 5 letters long. I like something seemingly random at a glance, but will make sense to you. I’ll choose ‘eyewtkas’ which looks like gibberish, but some clever folks might recognize that as the abbreviation for the classic Glassjaw album “Everything You Ever Wanted To Know About Silence“.

Example password root: eyewtkas

Step 2: Make sure there’s a number in there.

I’ll replace the ‘t’ with a ‘2’ since in full name of the album, the ‘t’ stands for ‘to’ anyways.

Example password so far: eyew2kas

Step 3: Capitalize at least one letter.

Depending on what you picked as your password root, one of the letters might be more obvious to capitalize than others. I’ll just capitalize the first letter. If there’s a proper noun in your string of letters, then that makes a great one to capitalize since it makes a bit of sense.

Example password so far: Eyew2kas

Step 4: Add some ‘seed’ data to your password.

Here’s where you really improve the overall security of your passwords by creating them according to a simple rule that allows them to be unique, but but determinable. This means you can figure it out rather than remember it or write it down.

Don’t use the subdomain if there is one. Only cherry pick a piece of the root domain name.

Example: Let’s say you were creating an account for Amazon.com. Pick 2-4 letters of the ROOT url and append them to your password. Front or back, it doesn’t matter. I’ll go with the appending the 2nd through 4th letters to my root password.

Example password so far: Eyew2kasmaz (for amazon.com, aws.amazon.com, amazon.co.uk, etc), Eyew2kasetf (for netflix.com)

Step 5: Add a non-alphanumeric character for good measure

The more sense it makes to you, the easier time you’ll have remembering it. I’ll just through a ?-mark at the end.

Final Password: Eyew2kasmaz?

And there you have it. A password you don’t need to ‘remember’ because you and only you can figure it out without writing it down.

One possible gotcha:

What if the password is for something that doesn’t have a domain name?

This is actually doesn’t come up all that often. If it’s for an account on a machine owned by a company, then use that company’s root domain name as the source for your seed letters.

* Not like secure secure, but better than ‘god’ or ‘changeme’ or somesuch nonsense.