How to pick a secure password - MoneySense

High-tech security problem requires a low-tech solution.


You can’t write them down. You can’t use common words. They have to be at least seven letters long. And you need about 20 of them every day. Coming up with computer passwords that are both secure and easy to remember is practically impossible. “In the 1980s, you only had three or four passwords,” says Mikko Hypponen of IT security company F-Secure Corp. “Nowadays, every other website wants you to have an account, and it’s impossible to remember them all.”

The usual advice from security experts is impractical at best. They’ll tell you to have a unique password for each site and change it every 30 days. Your password shouldn’t be a name or a word in the dictionary, and it should contain numbers and special characters. It’s all too much for most of us, so we end up doing not-so-secure things like using the same password for everything, or putting our passwords on a sticky note on our laptop. But with the right tricks, you really can create passwords that are secure and easy to remember.

First off, divide your accounts into two categories: important and not-so-important. Obviously your online brokerage and bank accounts are important; webmail accounts such as Gmail and Hotmail are also crucial, because if attackers get in, they can reset passwords to your other accounts and lock you out. For less important sites, such as newspapers and hobby forums, you can probably get away with repeating a few passwords.

When creating a password, think of it as a “pass phrase.” Take a phrase from the chorus of your favourite song, poem or expression, and alter it with numbers or special characters to make it your own. For example, a fan of ’80s rocker Joan Jett could take the lyrics, “So, put another dime in the jukebox, baby,” and add special characters to create the pass phrase “So_put_another_dime!” Even better, use the first letters of each word and get creative with characters and numbers to create “$pa10itjB.”

Still can’t remember your phrases? Turns out that it’s actually not a bad idea to write them down. “Writing passwords down used to be a major no-no, but it isn’t anymore,” says Hypponen. He points out that these days, you’re at greater risk of being targeted by international cyber criminals than your neighbour or co-worker.

It’s more secure to write your passwords down on paper than on your computer. “You just have to be smart about it,” says security expert Kevin Beaver. “Don’t label it as the keys to the kingdom. Write it down in a notebook and lock it in your desk drawer.”