Skip to main content
  • Cybersecurity

How to create strong passwords and why they matter

By Spencer Callaghan
Senior Manager, Brand & Communications

Choosing strong passwords is the most effective way to protect yourself from a cyber attack.

Choosing a strong, unique password is like flossing your teeth—something you know you should do, but never seem to get around to. It’s hard to come up with unique, complex passwords for all of your online accounts and even harder to remember them all! This is why so many of us go back to reusing passwords for multiple accounts or choosing the tried and true “password1234.”

Why a strong password is important

But there are really good reasons to create strong passwords (and to floss your teeth!).

Cyber criminals can exploit a weak password and steal your personal data or banking information to do things like take out a bank loan, run up a credit card bill or sell the information to other criminals. They can also use it to target you with a phishing scam. This is where a criminal tricks you into giving personal information, like your bank account number, by sending you an email that looks legitimate. This is why unique, strong passwords are your most important form of protection from cyber attacks.

Password mistakes to avoid

Choosing the name of a pet or family member

It is convenient to rely on the name of your dog or a family member to help yourself remember your passwords.

But it is too easy for a hacker to find this information simply from what you put on social media. Just think of all the times you share your dog’s name with those posts of him in kooky hats. You should also stay away from using words related to the account you are protecting, for example, avoid “Instagram1” for that account.

Using the same password on multiple accounts

While reusing passwords makes them easier to remember, it also makes things simpler for cyber criminals. 

Reusing the password from your online knitting club may seem harmless, but if that account gets hacked, it could lead to bigger problems. A cyber criminal can use that same password on your Amazon account and access your stored credit card information or take over your Facebook account and send messages to your friends. They can also change the passwords, making it more difficult for you to recover your accounts.

Sharing your password

You should never, ever share your passwords, not even with your spouse or a trusted co-worker. Even if you trust them, every time a password is shared, it decreases its integrity. Even if they don’t intend any harm, a friend may not be as careful as you would like, for example, writing down your password and keeping it in an unsafe place.

Using autofill on shared devices

Some browsers and apps offer the option of auto-fill or “remember me” so that you don’t have to fill in your information every time you log in. Don’t use this feature on a shared or public device, as it makes it too easy for another user to access your accounts.

Keeping a list of passwords on your device

It may help you to keep a list of all of your passwords. If you do, never store it on your computer or mobile device. Instead, write it down on a piece of paper and keep it in a home safe or another secure spot.

Instead of actual passwords, consider writing down hints that will help you remember each one. Using a password manager is even better, but more on that later.

How to create a strong password

Use a passphrase instead of a password

Passwords are so 2008. A passphrase is even better. For example, you could look around the room and string a few words together. If you are in your home office, you may choose computer, blazer, tie, underwear. Add in a number and special character and you are on your way.

Use your own catchphrase

You could think of a favourite line from a movie or advice your dad always gives you to create a strong password. For example, “luck comes from hard work,” could become “LuckComesFHW7421!”

Make it complicated

A strong password has numbers, special characters and letters. A strong password should also be long, with ideally a minimum of 16 characters. You should also use a combination of upper and lowercase letters. Using a password manager to create a long password makes it easy.

Password managers are helpful

A password manager generates and stores strong passwords for your online accounts, while protecting your personal information with strong encryption. With a password manager, you can have long, complex passwords without having to remember them.

Use multi-factor authentication

Multi-factor (or two-factor) authentication is a way of confirming your identify using multiple factors beyond a password.

These usually include:

  • something you know (a password),
  • something you have (a token or a code sent by text message), or
  • something you are (a fingerprint or face scan).

Token-based authentication is most secure, where an app, such as Google Authenticator, creates a single-use log-in code.

Avoid using single sign-on  

Many people sign on to multiple accounts using their Facebook or Google password. Known as single sign-on (SSO), this can save you time and having to remember yet another password. But we recommend avoiding this. With single sign-on, if a hacker breaches a single site or service, they can use the same username and password to log on to any of your other accounts. Of course, if your employer offers an enterprise-grade SSO, like Microsoft or Cisco, that is different than a consumer-level single sign-on like Google or Facebook which are generally offered in order to better to track what you’re doing online, and target you with ads.

Take our free course: Cybersecurity for remote workers

We’re offering a free online course that covers cybersecurity basics while working remotely.

You may also be interested in learning more about CIRA Cybersecurity Services that are helping protect Canadians against cyber threats, including Canadian Shieldand atraining program and platform for businesses and organizations.

About the author
Spencer Callaghan

Spencer Callaghan is the senior manager, brand & communications at CIRA. He is a writer, former journalist, and has experience in technology, non-profit, and agency environments throughout his career. His areas of expertise include content marketing, social media, branding, and public relations.