photo: BrianAJackson/iStock

Even More Ways to Make Strong Passwords

By Karen Cho

Think your online passwords are impenetrable? If you’ve had one of your accounts hacked into, that perspective will quickly change. You’ll feel as if someone has invaded your physical and private space, and depending on which of your personal sites were hacked and what the cyber thieves were looking for, you could be stripped of your finances, identity and your reputation.

Short of becoming a Luddite and eschewing all online activity with the outside world, there is a less dramatic solution that can put you ahead of these hackers: strong passwords that are more resistant to attacks. While it seems like common knowledge to avoid blatantly obvious passwords like your name, children’s names and birthdates (which, by the way, are still being used), even passwords that appear to be unique are not always safe.

So what goes into creating strong passwords? Here are a few pointers:

Aim for passwords that are at least 12 characters long, and include numbers, symbols, capital letters and lower-case letters. Don’t use information that can be guessed with minimal effort. The longer the password, the harder it is for somebody to guess or brute-force it.

The anatomy of a secure password

Ever randomly hash away at your keyboard out of boredom or frustration? You may have inadvertently created a password so random that it works. Try this: nkfdjki3409rbj. That’s a strong password because it doesn’t resemble a word or phrase. Adding an upper-case letter and a punctuation mark will make it even stronger. If you prefer a more structured approach that will help you remember your password, try misspelling words deliberately, e.g. Chawkolit for chocolate. A general rule of thumb is to avoid using words in the dictionary. Also, stay away from popular and easy-to-hack passwords like: Winter2017, Summer18, Holiday2017, Edmonton15, or abc*123. You’d be amazed at how often passwords like these are used.

Take a page from Carnegie Mellon’s School of Computer Science playbook by creating a sentence, taking the first letter of each word from that sentence, and turning it into a password. For example, take “Fall is always my favourite time of year”, substitute some letters with numbers and add in some punctuation and you get: f1aMft0y! Or turn a piece of trivia or fact into a sentence. “Canada 150 was in 2017” turns into: CaOn50wi20seventeen. You could also try a phrase or short sentence (spaces count as special characters) because they’re harder to guess. Something like “There is no 5poOn” or “W3ve got the Beat!”
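The pointers above can be turned into an automated check. The following Python sketch is an added example, not part of the original article: it tests a candidate against the 12-character minimum, the four character classes, and the "word plus number" and sequence patterns the article warns about. The function name, the tiny word list and the sequence list are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # the article's suggested minimum length

# Assumption: a small constructed word list standing in for a real
# dictionary or breached-password list.
COMMON_WORDS = {"winter", "summer", "spring", "fall", "autumn",
                "holiday", "password", "edmonton", "chocolate"}

# A word followed by a 2- or 4-digit number, e.g. "Winter2017", "Summer18".
WORD_PLUS_NUMBER = re.compile(r"^([A-Za-z]+)(\d{2}|\d{4})\W*$")

# Assumption: a few well-known sequences; a real checker would carry more.
SEQUENCES = ("abc", "123", "qwerty")


def check_password(pw):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "lower-case letter": any(c.islower() for c in pw),
        "capital letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        # Anything that is not a letter or digit, spaces included.
        "symbol": any(not c.isalnum() for c in pw),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    match = WORD_PLUS_NUMBER.match(pw)
    if match and match.group(1).lower() in COMMON_WORDS:
        problems.append("dictionary word plus number")
    if any(seq in pw.lower() for seq in SEQUENCES):
        problems.append("keyboard or alphabet sequence")
    return problems


if __name__ == "__main__":
    # Sample strings taken from the article's own examples.
    for sample in ("Winter2017", "abc*123", "nkfdjki3409rbj", "There is no 5poOn"):
        print(f"{sample!r}: {check_password(sample) or 'passes all checks'}")
```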

Assuming you bank, shop and pay bills online, you may want to consider using a password manager, which stores and remembers your passwords for you—though you’ll still need to remember the master password for the password manager. Some of the best password managers also generate strong passwords for you so you’ll never have to worry whether man or machine can figure out your password. Some recommendations for password managers can be found here.


As an added security measure, some sites offer the option of a two-step verification process, where upon signing in, you are prompted to enter a code that’s sent as a text message to your phone. We highly recommend making it a point to set this up for peace of mind because unless the hacker has your phone right there and then, that password is locked down. While most of the top sites have this mechanism in place, many other reputable sites still do not have it as an option, which is something worth considering when registering on a new site or app. Passwords are not secure by themselves, but it’s the combination of passwords and multi-factor authentication that provides the best level of online security.