photo: RayaHristova/iStock

Anatomy of a Secure Password

By Karen Cho

The widely publicized Equifax breach has lately brought cybersecurity back into the news, and serves as a good reminder that digital burglars are always on the prowl, looking for a weak spot to invade and infiltrate your life.

Like your house keys, passwords are the main entry points to your personal and financial information online. Most Canadians have at least one online account containing these important details. The Canadian Revenue Agency, for instances, chooses to correspond with taxpayers primarily through their online accounts. Unlawful access to these virtual accounts can do substantial damage in real life: Cyber thieves can use your name to impersonate you in online transactions, open new credit card accounts and even apply for a mortgage.

The good news is that there are ways to protect yourself. The first line of defense, of course, is to have a secure password that’s difficult to crack. It may sound like common knowledge, but you’d be surprised by some of the no-brainer passwords that are still being used. For example: 123456; Password; 12345679; Qwerty; abc123; and even 111111.

These are definite no-nos, as are using passwords that are linked to personal details such as family names, pet names and birthdates—like johnsmith1973. You should also refrain from having passwords that take the form of a single proper noun or word in the dictionary; this minimizes your risk of a “brute force” attack where a hacker repeatedly tries many passwords or passphrases in the hope that they’ll eventually crack the code.

The three pieces of information you should never, ever share online

So what should a “good” password look like? Well, in this case, size does matter. Passwords should be at least eight characters long, and should include a combination of upper- and lowercase letters and numbers. If you can go beyond an eight-character limit, and be able to remember it, even better. Longer passwords are just better passwords.

Ideally, a fairly secure password also consists of using a base sentence or phrase as an acronym, with some symbols or numbers thrown in for good measure. For example, you could transform “I need coffee to start my day” to “inctsmd925”—it makes sense to you, is easy to remember but looks like gibberish, and most importantly, is more resistant to password crackers.

Now that you’ve got the idea, it’s best to create separate strong passwords for your different accounts. That way, if one of your passwords ever does become compromised, you’ll be able to rest assured that the situation is contained to the single corresponding account; the rest of your online activities remain safe.