[an error occurred while processing this directive] George Stroumboulopoulos Tonight | No, “Password” Isn’t A Good Password: Some Tips On Choosing A Better One


Sundays 8pm to 11pm on Radio 2

New Episodes at CBC Music

New Episodes at CBC Music

Need more Strombo Show? Head over to our page on CBC Music for new episodes, playlists and video extras.

CBC Music Past Shows



News Promo
No, “Password” Isn’t A Good Password: Some Tips On Choosing A Better One
August 31, 2012
submit to reddit

According a study of Internet users conducted last year, the most popular password choice for online accounts is the word "password." And as the recent hacks of LinkedIn and eHarmony prove, that can lead to serious security problems.

So what makes a password effective? On the surface, it seems like adding lots of random numbers and symbols to your password will make it harder to crack, but as this (geeky, mathematically advanced) comic from xkcd suggests, that might not always be the case:


The Atlantic Wire sat down with hacking expert Alex Horan (he works "for good, not evil" according to the PR liaison for his company CORE Security) to ask for some tips on coming up with more secure passwords for banking, social media, email and all the other electronic interfaces that require them.

Here are a few ideas.

Save your brain: focus on important accounts
If you have multiple bank accounts, each one should have a unique, hard-to-guess password. So should your email, since that's where hackers could go to reset all your other passwords. But for less important stuff, you can use a "dumb password" - basically a nonsense phrase, all lowercase, that you'll be able to remember pretty easily.

PassWORD? How about passPHRASE?
No matter how obscure the word you choose, a single-word password can probably be guessed. But a whole phrase? That's harder. Horan suggests the first line of your favourite book, for instance. You'll remember it, but the chances of someone cracking it are slim, especially if it's long. Check out how much harder it is to crack a 14-letter password than a 10-letter one:


Switch up your login name
Most people only have one main personal email account, and that's probably the one associated with all your accounts online. Horan says this is a mistake. He suggests creating new email addresses for each of your social media accounts. So for LinkedIn, he created linkedin.alexanderhoran@gmail.com. Once hackers have cracked your password, they'll likely search for the same username/password combo elsewhere. This way, they won't find it.

Be personal and specific with your password
If you use the name of a loved one, their birthdate, or the place where you live as a password, hackers stand a pretty good chance of figuring it out. So pick something more personal: blogger John Pozadzides suggests "a place you love, or a specific car, an attraction from a vacation, or a favourite restaurant."

Keep all those passwords straight with an encrypted storage space
If you take Horan's advice, you'll end up with as many (long, hard-to-crack) passwords as you have electronic accounts. Keeping them all safe is tough, especially since you should never write them down. Luckily there are various services online that will store all your passwords behind a heavily encrypted wall, so you can access them when you need them. Check out 1Password or LastPass if you're interested.

Related stories on Strombo.com:

UPDATE: Now Will You Update Your Password?


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Submission Policy

Note: The CBC does not necessarily endorse any of the views posted. By submitting your comments, you acknowledge that CBC has the right to reproduce, broadcast and publicize those comments or any part thereof in any manner whatsoever. Please note that comments are moderated and published according to our submission guidelines.