How to Create Passwords You Can Remember and Keep Them Safe

Most password advice for seniors is bad advice. It treats memorisation as the goal — leading either to weak passwords ("Sparky2024") used everywhere, or to forgotten ones that lock the user out of their own bank account. The truth is simpler and gentler: write your passwords down in a place a thief can't reach, build them out of words rather than mangled letters, turn on two-factor authentication, and let your phone help you. Here's how each of those works.

Why a notebook of passwords is fine (with one rule)

The standard security advice "never write your passwords down" is intended for office workers whose desks face the public. In your own home, a notebook in a drawer is a perfectly acceptable place to keep passwords — far safer than a memorised weak password reused across thirty websites. The one rule: keep the notebook somewhere a casual visitor wouldn't find it. Not the top desk drawer. Inside a cookbook works. With your important household papers works. Tucked next to your passport works.

The notebook is also resilient against the most likely failure mode for seniors: a phone that breaks. You will never need to recover the notebook from "the cloud."

The three-word method

A password built from three random words is easier to remember and stronger than the mangled "P@ssw0rd!" patterns that try to look complex. Pick three unrelated words. HorseStaplerOcean. RaspberryClockBoulder. SaturdayCabinetThunder. Each one is longer and harder for an attacker to guess than nearly any short password with a special character.

If a website insists you include a number and a special character (many still do), add them at the end: HorseStaplerOcean12!. You don't need a different three-word password for every site; the next section explains which accounts need their own.
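For readers who want to see the numbers behind the three-word method, here is an added example (not part of the original article) that picks the words with the computer's secure random generator and compares the guessing effort with a mangled dictionary word. The 16-word sample list, the 7776-word list size, and the attacker model for the mangled pattern are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline. It is far too small for
# real use; a real generator should load a published list of thousands of words.
SAMPLE_WORDS = ["horse", "stapler", "ocean", "raspberry", "clock", "boulder",
                "saturday", "cabinet", "thunder", "lantern", "pepper", "violin",
                "meadow", "anchor", "biscuit", "garden"]


def three_word_password(words=SAMPLE_WORDS, count=3, suffix=""):
    """Pick `count` words with the OS secure random source and join them.

    `suffix` (such as "12!") satisfies site rules, but a fixed suffix adds
    no strength, so it is left out of the estimates below.
    """
    picked = [secrets.choice(words) for _ in range(count)]
    return "".join(w.capitalize() for w in picked) + suffix


def passphrase_bits(list_size, count=3):
    """Guessing effort in bits when each word is drawn uniformly at random."""
    return count * math.log2(list_size)


def mangled_word_bits(dictionary_size=20_000, swappable_letters=4,
                      trailing_symbols=33):
    """Guessing effort for the "P@ssw0rd!" pattern under an assumed model:
    one dictionary word, each swappable letter substituted or not,
    first letter upper or lower case, and one trailing symbol.
    """
    candidates = dictionary_size * 2 ** swappable_letters * 2 * trailing_symbols
    return math.log2(candidates)


if __name__ == "__main__":
    print(three_word_password(suffix="12!"))
    # 7776 is an assumed list size (a common size for dice-based word lists).
    print(f"3 random words, 7776-word list: {passphrase_bits(7776):.1f} bits")
    print(f"mangled dictionary word:        {mangled_word_bits():.1f} bits")
```

Each extra bit doubles the number of guesses an attacker needs. The estimate only holds when the words are drawn at random; words a person picks because they belong together are easier to guess.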

A different password for each important account

The most important security habit isn't password strength; it's password uniqueness. If one website you used five years ago is hacked, the attackers will try that email-and-password combination on dozens of other websites. If you've used the same password on your bank, your email, and that website, the attackers are now in your bank. Different password per important account.

The "important account" list, in priority order:

  1. Your primary email account (Gmail, Outlook). The most valuable single account, because it can reset passwords on all the others.
  2. Your bank.
  3. Your phone account (Apple ID or Google Account).
  4. Your patient portal.
  5. Anything that has your credit card on file.

For dozens of low-importance accounts (shopping sites you used once, a forum, a free service), reusing a single "secondary" password is acceptable. Don't lose sleep about those.

Two-factor authentication, plainly

Two-factor authentication (often shortened to "2FA") means that signing in requires both your password and a one-time code, usually sent to your phone by text. With 2FA on, a stolen password is no longer enough to break in.

Turn on 2FA for every account on the priority list above. The setup is usually under Settings → Security on the account's website. It takes about a minute per account.

Two practical tips:

  • The text-message code is fine for most uses. There are slightly stronger options (an "authenticator app") but the gap matters mostly for high-profile targets, not for typical retirees.
  • Keep your phone number current on every important account. If you change phone numbers, update them all the same day, or you'll be locked out of accounts you can't receive codes for.

Should you use a password manager?

A password manager is an app that remembers all your passwords for you and types them into websites when you log in. The good ones (1Password, Bitwarden) are excellent. They also have a real learning curve. Honest answer: most seniors are well-served by the combination of a notebook plus the built-in keychains described below, and don't need a dedicated password manager. If you find yourself with 40+ accounts you actively use, the math changes — at that point a password manager is genuinely valuable.

Built-in password keepers

Your phone already has a small password manager built in. The iPhone and Android versions both work well and require no extra setup.

iCloud Keychain (iPhone): When you sign into a new website on Safari, the phone asks "Save Password?" Tap Save. Next time, the password is auto-filled. To see all saved passwords: Settings → Passwords → unlock with Face ID. The same passwords sync to any iPad or Mac you have.

Google Password Manager (Android): Same idea. Chrome saves passwords as you create them. To see them: Settings → Google → Manage your Google Account → Security → Password Manager.

These built-in keychains are good for the dozens of low-importance accounts. Use them. For the priority accounts above, also write them in the notebook in case the phone is ever lost.

If you forget

Every important account has a "Forgot Password" link on its login page. Tap it. The site emails or texts you a reset link. As long as you can read the email or text on your phone, you can recover.

The exception: your primary email password itself. If you forget that, recovery is harder — the email provider (Google, Microsoft) needs to verify your identity through alternate means. This is why your email password specifically deserves the notebook entry above all others.

Frequently asked questions

Can I use the same password on my bank and my email?

No, please don't. They're the two most valuable accounts. Different passwords.

I keep forgetting my passwords. Can I just write them all in the notes app on my phone?

Not the regular notes app — anyone who picks up your phone can see them. The phone's built-in password manager (above) is much safer because it requires Face ID or your PIN to open.

Should I change my passwords on a schedule?

Current security guidance no longer recommends regular password rotation. Change a password if you have reason to believe it might have been exposed (a website was hacked, a scam call asked for it, your phone was stolen).

What's a "passkey"?

Passkeys are a new technology replacing passwords for some sites. They use your phone's Face ID or fingerprint to sign you in without typing anything. They're more secure and easier than passwords; when a site offers you one, accept.

My adult child says I need a password manager.

Tell them the truth: you're using the built-in keychain plus a paper notebook for important accounts, and that's the right level of security for your needs. If they want to set up a real password manager for you and walk you through it patiently, great — but it isn't urgent.


Written by David Chen. Last verified 12 June 2026.