What makes a password strong is the combination of different alphanumeric, special characters, and capitalisation that you use, and of course the length of the password.

 
Let’s look at how to choose very strong passwords for every website that you use, that are different for each website, and are each only a maximum of 9 characters in length. (Interestingly a study found that an 8-character password that's constructed in the manner we’re going to look at has 7.2 quadrillion different combinations, and will take 83.5 days to crack if the hacker can try 1 billion different passwords per second.)

Step 1: Pick 2 Starting Characters

To make it easy to remember, all your passwords need to start with the same characters. But these are not just any characters. Pick 2 characters from the list of special characters that you see above the numbers on your keyboard and to the left of the Enter key.

These characters are: ~`!@#$%^&*()_-+={}[]:;"'?/|\\

Pick any two of them as your password starting characters. To show you an example as you read through the steps, let's pick $ and % (pick your own two).

In my example, all my passwords are going to start with $%.

Step 2: Pick 2 Ending Characters

In exactly the same way as above, pick two different special characters that will be at the end of your passwords. Don't pick the same characters as your starting characters.

For the purposes of my example, let's pick * and ^. Hence, all my passwords are going to end with *^.

Step 3: Construct The Middle Part Using The Website Name

This is the fun part. Take the first 5 characters of the website domain name where you want to use the password. If the domain name is shorter than 5 characters, then use the full domain name.

In my example, let's create a password www.microsoft.com.

The first 5 characters of the domain name is "micro".

Insert our start and end characters $%   and *^

Therefore our new password is  $%micro*^

Take it to the max:

Not secure enough for you? Try substituting some characters and capitalizing others.

Substitute the following characters: a becomes @, e becomes 3, i becomes 1, o becomes 0, and u becomes ^.

Now we have "m1cr0".

Now, decide on a standard for yourself regarding which character(s) you're going to capitalize.

For this example, let's say we're always going to capitalize the 3rd consonant.

So now we have "m1cR0".

The next step is to append the Ending Characters (*^) that you picked in Step 2.

Our password is now "m1cR0*^".

The last step is to add the Starting Characters (Step 1) to the beginning of the password.

The final password is "$%m1cR0*^".

A Few More Examples

Domain: www.twitter.com, Password: "$%tw1Tt*^".
Domain: www.facebook.com, Password: "$%f@c3B*^".

Domain: www.ebay.com: Password: "$%3b@*^"

Remember

Pick your own 2 starting characters and your own 2 ending characters, don't just use the same ones I used in the example.

In addition, make your own capitalization rule (you can capitalize more than 1 character if you want to.

You can also use more than the first 5 characters of the domain name if you want to. It just means your passwords will be slightly longer.

Is This Password Strong?

Yes, it is very strong. With this method you're potentially using any of 30 special characters, 10 numerals, and 26 lower case and 26 uppercase characters.

Making It Even Stronger

If you're concerned that some hackers might know about this password construction method, simply pick 3 starting characters and/or 3 ending characters, or as many as you like. Any slight variation of the method makes your passwords even more secure.