How to create a strong password

10 November 2020 by National Bank
Create a strong password

Passwords are part of our everyday lives. We use them to access emails, electronic devices, bank accounts and our favourite apps. In other words, they safeguard some of our most sensitive information. If you'd like to learn more about creating strong and secure passwords and how to effectively protect your accounts, this article is for you.

Take precautions against identity theft

Get with
Securizone 360TM

The ingredients for a strong password

Basically, you're looking for a password that's easy to remember but impossible to guess. Finding a balance between reliability and something a person can reasonably remember is possible. To create passwords like a pro, follow our best practices, backed by reputable local and international organizations such as the National Institute of Standards and Technology (NIST) in the United States.

The rule of thumb: Longer passwords are more secure

Experts say that a simple seven-character password can be cracked in a few milliseconds. According to the NIST and the Commission Nationale de l’Informatique et des Libertés (CNIL) (French only), a password needs to be at least 12 characters long to be strong. And a password with 21 characters is virtually unhackable using current technology.

You may not want to use the maximum number of characters, but keep in mind that every character you add increases your password security exponentially.

Afraid of forgetting such a long password?

To come up with a long password you'll remember, you can think of a sentence that will only make sense to you, like "I love living in a turtle," or a series of random words like "banana oven coffee clock," i.e. four items that you can find in your kitchen. You can write the phrase without spaces between the words to get “Ilovelivinginaturtle” and “bananaovencoffeeclock.”

Good to know

  • Contrary to popular belief, using special characters no longer increases the strength of a password. In fact, a long phrase with more than three words is stronger than a single word filled with % signs. Even so, some sites still require special characters to be used in users’ passwords. 
  • If this is the case, choose a phrase with 4 to 5 words and insert special characters as needed, such as “!$%?&*;:=+()/” symbols, numbers, and uppercase and lowercase letters. 
  • Contrary to what many people think, a strong password doesn’t need to be changed. If it’s solid and unique, the best practice is to change it only if you think you’ve been a victim of fraud. 

Common pitfalls when creating passwords

Here are the most common pitfalls to avoid to help you safely use technology: 

Making your password too short and simple

In order to remember a new password, some people will be tempted to pick a short, familiar password. Here are some examples: a series of numbers (“12345”), letters in alphabetical order (“abcd”), your year of birth (“1956”) or the name of your dog (“Fluffy”). These types of passwords are easy to hack and should be avoided at all costs.

Keeping your passwords in an unsecured location

Storing your passwords on your phone, in an email or in a notebook is never a good idea. Keeping your passwords in an unsecured location means that your information is likely to be compromised if your devices or other belongings are lost or stolen.

Sharing your password

When it comes to passwords, confidentiality is the top priority. When you disclose your password to another person, you're giving up control. Even if they don't have any bad intentions, they could lose your password or reveal it to someone else. In short, you've increased your risk of identity theft.

Using the same password for all your accounts

There are tools keeping track of various leaks that can help you determine whether your email password was stolen following a security breach. All you have to do is enter an email address – no password needed. These lists aren’t extensive, so if your email address isn’t there, it isn’t a guarantee that your login information hasn’t been stolen. 

Password managers: A smart option

Internet users have a multitude of online accounts. While experts recommend creating separate long passwords for each account, remembering hundreds of them is virtually impossible. 

Using a password manager is a great idea for people with a large number of passwords.

What does it do?

A password manager will save you the trouble of memorizing all your different passwords. It will also generate passwords for you automatically.

How does it work?

These online tools store all your passwords in one place. You just use a single password, which serves as a “master” password. When you enter this master password, the app will automatically fill in the fields when you log into your various accounts.

Is it secure?

Since these password managers are a point of entry to all your accounts, your master password needs to be solid. A strong unique password is key when it comes to using this type of tool effectively. We also recommend using two-factor authentication to access your password manager. 

We always recommend checking the source before entering your precious personal information, so be careful when shopping online for apps that will be granted access to your accounts and information. Do your research using trustworthy sources to find tools with a good market reputation. That way, you can ensure reliability and security. After having determined how to create a strong password and how to manage them, make sure to be cautious. 

With the advancements in biometric authentication – like digital fingerprints or facial recognition – passwords appear to be on their way out. But until we see what the future holds, these tips will surely help you manage your passwords. 

To learn more, find out how to avoid becoming a victim of phishing and Internet fraud.

Legal disclaimer

Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.

The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.

The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.

This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.

The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.

Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).



Take precautions against identity theft

Get with
Securizone 360TM