Nearly every site or service we use online requires a username and password. Remembering hundreds of unique passwords is just about impossible, and reusing passwords across multiple sites can be dangerous. If one account is compromised in a data breach (and this is likely: check out IdentityForce’s list of all the breaches so far this year), any other account using that same password is now at risk.

Today’s username and password convention is a difficult system to manage well, but it remains important to create strong, unique passwords for your various accounts. We’re here to help today by sharing a few ways to create unique passwords that are strong and memorable.

Base Your Password on a Familiar Phrase

One way to make a password easier to remember is to base it on a phrase or term that’s familiar to you. Notice we didn’t say to use a term that’s familiar to you: “ilovesarah”, “sparky”, and “gocowboys” are all terrible passwords because they’re easy to guess. Anyone who knows that your wife’s name is Sarah, that your dog’s name is Sparky, or that you love the Cowboys might guess these easily.

Instead, come up with something creative, but that still has a connection to something you won’t forget. Something like “R3dsk1nsRool!” would be hard to guess since it runs counter to your actual interests, and it would be hard to crack due to the character variations. You’ll have an easier time remembering it, though, since it connects to one of your true passions.

Another variation on this theme is to take a poem or song lyric that’s meaningful to you and turn it into an acronym. “Row, row, row your boat gently down the stream” could turn into “RrrybGdtS”, for example. Easy to remember; hard to guess.

Use Long Passwords

Long passwords are hard to guess, but they’re even harder to crack using hacker tools. Use a memorable phrase in its entirety, or choose a series of seemingly unrelated words that mean something to you. You’ll create a password that’s easier to remember than the previous method and that’s even harder for a computer to crack. Check out this Xkcd comic, which illustrates this principle with an added dose of humor.

Use Two-Factor Authentication Wherever Possible

You should enable two-factor authentication (2FA) on any site that offers it. 2FA adds a second method of authenticating that you’re who you say you are. Most 2FA methods involve sending a numeric or alphanumeric code to the account owner (that’s you). This code can be sent via email, text message, or even be displayed on a physical key fob. The code is only good for a short window (usually 1, 2, or 5 minutes). After supplying your username and password, you’ll be asked for this code.

Most consumer applications of 2FA involve sending the code via text message. Unless a hacker has stolen or cloned your phone, he or she won’t be able to view this code and thus won’t be able to log in to your accounts—even with your username and password.

Change Your Password Frequently

Changing your password frequently is another way to stay ahead of information thieves. A stolen password is only useful until you change that password to something else. It’s good practice to change your passwords frequently, such as every 3 to 6 months. We realize that can be a lot of work. Changing only your most sensitive passwords (financial, social, and email) is better than changing none.

Use a Password Manager

All this sounds like a lot of work, and it is. Thankfully, there’s a better way. Using a password manager, you can create long, unique, complex passwords for each account — but you don’t have to worry about remembering them! All your passwords are stored in the password manager. All you need to remember is the strong master password you create for this utility.