How to create a secure password

22 October 2024 by National Bank
Illustration of a padlock with a password for an article about how to create a strong password

From accessing your electronic devices and apps to your email and bank accounts, passwords are an unavoidable part of life. Here’s how to create a foolproof combination to better protect your personal data.

In this article:

Why is a strong password necessary?

To ensure all your accounts are secure, it’s best to use a strong, unique password for each one. By doing so, you’ll help protect your data from a type of cyberattack called credential stuffing, whereby hackers are able to access your accounts using the same password combination. If you always use the same password, you’re putting your online security at risk: if just one of your accounts is part of a data leak, a malicious person could use this method to easily gain access to all your accounts. Once inside, they could change the password, steal your personal data and obtain your credit card numbers as well as the answers to your security questions.

In the worst-case scenario, they could steal your identity and go as far as making online purchases or even apply for a credit card in your name. 

If you notice any suspicious activity in your accounts, stay calm and follow these steps to protect yourself from identity theft.

What elements make up a strong password?

Creating a strong password is a simple yet effective security measure. Here are a few tips to outwit any hackers and ensure the protection of your personal data.

Choose a long, complex password 

Did you know that a 21-character password is considered to be unhackable? For a secure password, aim for a minimum of 12 characters and a combination of uppercase and lowercase letters, numbers and special characters. And keep in mind that the longer your password, the harder it will be to hack.

Opt for a passphrase

To create a long password that’s easier to remember, think of a phrase that makes sense only to you, such as “Eagle one catches the error.” You can also choose a sequence of words by associating objects or ideas; for example, you could string together four objects on your desk: “computer lamp mug phone.”

Make sure your sentence contains at least 12 characters and 4 words. To make it more complex, omit spaces and use a combination of numbers and symbols. Both “Eagle1catchestheerror!” or “computerlampmug1phone” are good examples.

Another option: think of a sentence. Now keep only the first letter of each word, mixing in uppercase and lowercase letters, numbers and special characters. For example, the sentence “My high-school locker number in grade 12 was two hundred and fifty-two” would become “Mhslnigtwthaft” or even  “Mhsl#ig12w252.” 

Avoid personal information

Don’t create passwords using your first name or names of family members, birthdates or the name of a pet. A hacker could easily find this information on your social networks.

Don’t use obvious combinations

You may be tempted to keep it simple, but that would be a mistake. Stay away sequences of numbers or letters such as “1234567,” “abcdef” or “qwerty.” These common passwords are just too easy to guess.

Choose a different password for each account

If you use the same password for all your online accounts, sites and apps, you run a greater risk of becoming a victim of identity theft.

Turn on two-factor authentication

Also known as two-step verification, two-factor authentication helps protect your data. Generally, this added security measure can be activated in the settings of the websites and services you use. Some institutions, such as National Bank, require it to ensure a secure connection to your online bank accounts.

The process is very simple: after providing your username and password, you’ll be asked to enter a one-time authentication code. This code will be sent to you by email, voicemail, text message or via a third-party application.

In some cases, you can choose how often two-factor authentication is required; for example, every time you sign in, every time you change your password or only when accessing your account from a new device or browser.

Do you run a business? If you haven’t already done so, make sure your sites and apps give users the option of using two-factor authentication.

Remain vigilant

Adopt these smart practices to increase the security of your accounts:

  • Avoid auto-fill functions (“Remember me”): your email address and other personal information could fall into the wrong hands.
  • Regularly change your passwords and never reveal them to anyone – not even your best friend or family members.
  • Don’t enter your passwords on a public device or when using public Wi-Fi.
  • Sign out of your accounts after each session.
Picto of a laptop with a cercled checkmark

Good to know: Scammers have all kinds of strategies to lure you into their traps. Be vigilant and wary of phishing and fraudulent communications. For example, never reply to emails asking for personal information such as sign-in details.

How can you securely manage all your passwords?

To foil any malicious attempts to access your data, it’s critical to create a unique, complex password for each account you have. So how do you remember all these combinations? With a secure password manager that remembers for you.

What’s a password manager?

It’s an online tool that keeps all your passwords in one place. To sign in to your various accounts, all you have to do is remember a master password. Simply enter it, and the manager will automatically fill in the sign-in fields with a random password.

Password managers are handy tools, but are they really secure? Yes, as long as you create a strong, unique master password and use two-factor authentication to access it.

How to choose your password manager

Speak to knowledgeable sources who can help you select a trustworthy password manager. You can also ask friends and family for recommendations.

Biometric identification – the use of fingerprints or facial recognition to unlock access to an account – is becoming increasingly common. Sooner or later, passwords will become obsolete. In the meantime, follow our tips for creating and managing your passwords to ensure your personal data stays safe.

Want to learn more? Explore our resources on preventing fraud.

Tags :
Savings and investment, Banking, Security
Back
Terms of use
National Bank’s virtual assistant

When using our Virtual Assistant Service (the "Chatbot"), you accept these Terms of Use, which are subject to change without notice. Furthermore, you agree to consult these Terms of Use from time to time and acknowledge that your continuing use of the Chatbot means that you have accepted any changes that may have been made. Your continued use of the Chatbot means that you’ve read, understand and agree to these Terms of Use, the Terms of Use for our website, our Online transaction services, and to our privacy policy. You also understand any other agreements that you have with us will continue to apply when you use the Chatbot.

1. Our Services and your responsibilities

The Chatbot is an automated service which is integrated into our online banking platform.

The Chatbot is preprogrammed to answer general questions concerning the use of our online banking platform solely for informational purposes. The Chatbot is not able to answer questions on personal monetary transactions or products you hold with us.

By using the Chatbot, you understand and agree that:

  • The Chatbot does not provide financial advice or financial planning services.
  • The Chatbot does not conduct any banking transactions.
  • The Chatbot may not be able to answer all your questions. Therefore, it may not be able to provide you with the information you require. You must judge whether the answer provided responds to your question accurately. In the case of uncertainty, a customer service representative would be happy to help you. You can call us toll free at 1-888-483-5628 or 514-394-5555.
  • The Chatbot is not a complaint service. You cannot use the Chatbot to file complaints. If you have any complaints, you can contact us at the number indicated above.
  • We monitor, record and store the discussion that you have with the Chatbot to improve our interactions with our clients.
  • You will not provide the Chatbot with any confidential, personal, or private information. For example, you will not provide the Chatbot with your login information, PIN or other personal banking information.

2. Limitation of Liability

You acknowledge that we won’t be liable for any losses or damages that you may suffer as a result of your use of the Chatbot, including if the Chatbot is unavailable for any reason.

We cannot guarantee that the results obtained via the Chatbot will be accurate and reliable and that the answers provided will meet your expectations.

We will not be held liable for damages you incur as a result of:

  • Any delay, error, interruption or omission on our part or any other event beyond our control.
  • Any deficiency or technical error or any unavailability of our systems and wireless networks.
  • Your failure to meet any of your obligations.
  • Any amendment to or suspension, refusal or blockage of the Chatbot.
  • Any decision or measure you take in response to information and data obtained via the Chatbot.
  • Any other damages you may incur that are not caused by negligence on our part.

3. Language

You have requested that these Terms of Use, and related documents be drawn up in English.

4. Governing Law

These Terms of Use are governed and must be interpreted in accordance with the laws in force in the province or territory where you reside. If you reside outside Canada, the laws in force and the courts of competent jurisdiction are those of the province of Quebec.

Virtual assistant