How to create a secure password

22 October 2024 by National Bank
Illustration of a padlock with a password for an article about how to create a strong password

From accessing your electronic devices and apps to your email and bank accounts, passwords are an unavoidable part of life. Here’s how to create a foolproof combination to better protect your personal data.

In this article:

Why is a strong password necessary?

To ensure all your accounts are secure, it’s best to use a strong, unique password for each one. By doing so, you’ll help protect your data from a type of cyberattack called credential stuffing, whereby hackers are able to access your accounts using the same password combination. If you always use the same password, you’re putting your online security at risk: if just one of your accounts is part of a data leak, a malicious person could use this method to easily gain access to all your accounts. Once inside, they could change the password, steal your personal data and obtain your credit card numbers as well as the answers to your security questions.

In the worst-case scenario, they could steal your identity and go as far as making online purchases or even apply for a credit card in your name. 

If you notice any suspicious activity in your accounts, stay calm and follow these steps to protect yourself from identity theft.

What elements make up a strong password?

Creating a strong password is a simple yet effective security measure. Here are a few tips to outwit any hackers and ensure the protection of your personal data.

Choose a long, complex password 

Did you know that a 21-character password is considered to be unhackable? For a secure password, aim for a minimum of 12 characters and a combination of uppercase and lowercase letters, numbers and special characters. And keep in mind that the longer your password, the harder it will be to hack.

Opt for a passphrase

To create a long password that’s easier to remember, think of a phrase that makes sense only to you, such as “Eagle one catches the error.” You can also choose a sequence of words by associating objects or ideas; for example, you could string together four objects on your desk: “computer lamp mug phone.”

Make sure your sentence contains at least 12 characters and 4 words. To make it more complex, omit spaces and use a combination of numbers and symbols. Both “Eagle1catchestheerror!” or “computerlampmug1phone” are good examples.

Another option: think of a sentence. Now keep only the first letter of each word, mixing in uppercase and lowercase letters, numbers and special characters. For example, the sentence “My high-school locker number in grade 12 was two hundred and fifty-two” would become “Mhslnigtwthaft” or even  “Mhsl#ig12w252.” 

Avoid personal information

Don’t create passwords using your first name or names of family members, birthdates or the name of a pet. A hacker could easily find this information on your social networks.

Don’t use obvious combinations

You may be tempted to keep it simple, but that would be a mistake. Stay away sequences of numbers or letters such as “1234567,” “abcdef” or “qwerty.” These common passwords are just too easy to guess.

Choose a different password for each account

If you use the same password for all your online accounts, sites and apps, you run a greater risk of becoming a victim of identity theft.

Turn on two-factor authentication

Also known as two-step verification, two-factor authentication helps protect your data. Generally, this added security measure can be activated in the settings of the websites and services you use. Some institutions, such as National Bank, require it to ensure a secure connection to your online bank accounts.

The process is very simple: after providing your username and password, you’ll be asked to enter a one-time authentication code. This code will be sent to you by email, voicemail, text message or via a third-party application.

In some cases, you can choose how often two-factor authentication is required; for example, every time you sign in, every time you change your password or only when accessing your account from a new device or browser.

Do you run a business? If you haven’t already done so, make sure your sites and apps give users the option of using two-factor authentication.

Remain vigilant

Adopt these smart practices to increase the security of your accounts:

  • Avoid auto-fill functions (“Remember me”): your email address and other personal information could fall into the wrong hands.
  • Regularly change your passwords and never reveal them to anyone – not even your best friend or family members.
  • Don’t enter your passwords on a public device or when using public Wi-Fi.
  • Sign out of your accounts after each session.
Picto of a laptop with a cercled checkmark

Good to know: Scammers have all kinds of strategies to lure you into their traps. Be vigilant and wary of phishing and fraudulent communications. For example, never reply to emails asking for personal information such as sign-in details.

How can you securely manage all your passwords?

To foil any malicious attempts to access your data, it’s critical to create a unique, complex password for each account you have. So how do you remember all these combinations? With a secure password manager that remembers for you.

What’s a password manager?

It’s an online tool that keeps all your passwords in one place. To sign in to your various accounts, all you have to do is remember a master password. Simply enter it, and the manager will automatically fill in the sign-in fields with a random password.

Password managers are handy tools, but are they really secure? Yes, as long as you create a strong, unique master password and use two-factor authentication to access it.

How to choose your password manager

Speak to knowledgeable sources who can help you select a trustworthy password manager. You can also ask friends and family for recommendations.

Biometric identification – the use of fingerprints or facial recognition to unlock access to an account – is becoming increasingly common. Sooner or later, passwords will become obsolete. In the meantime, follow our tips for creating and managing your passwords to ensure your personal data stays safe.

Want to learn more? Explore our resources on preventing fraud.

Legal disclaimer

Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.

The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.

The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.

This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.

The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.

Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).

Tags :
Savings and investment, Banking, Security