Skip to content
Join our Newsletter

Make your passwords 'ugly' to avoid identity theft: BBB

The top 100 common passwords of 2022 in Canada included 123456, password, hockey, canada and qwerty.
gettyimages-153251039

Is your password difficult to crack?

March 15 is the Better Business Bureau’s Password Day, and they’re encouraging the public to protect themselves from fraud by changing their passwords to be more ugly, thereby making it harder for hackers to solve. Twenty five per cent of Canadians changed their passwords less often than once a year, according to a 2022 Statista survey.

Notably, a third of respondents said they changed passwords between every three to six months.  With an average of 70–80 passwords to remember and manage per person, according to password manager company Nordpass, it's difficult to create, manage, and remember unique and strong passwords.

The top 100 common passwords of 2022 in Canada included 123456, password, hockey, canada and qwerty. “Knowing how to create, change, and use passwords safely is one of the simplest and most effective ways to protect the public from having online accounts broken into by hackers,” said Aaron Guillen, Media and Communications Specialist with BBB serving Mainland BC & Yukon Territory.

“By making an ugly password with random symbols, numbers, and words that aren’t directly tied to your identity, you are taking one easy step to protect yourself from fraud.”

BBB recommends the following six tips on how to protect your passwords: Use a “passphrase." Instead of using a single word, use a passphrase. Your phrase should be relatively long, around 20 characters, and include random words, numbers and symbols. Something that you will be able to remember but others couldn’t come close to guessing, such as: “I was a Canucks fan in 2010.” = iw@$Canuck$F@n/10 Use multiple passwords. Never use the same password for multiple accounts, especially for the most sensitive ones such as bank accounts, credit cards, legal or tax records or medical related files. While it may be easier to remember one password for every account, it’s much easier for hackers to break down one wall rather than multiple walls. If hackers can figure out one password, even if it’s for something harmless, such as an online shopping app, they will now know the password to every single account you own. When it’s available, use two-factor authentication. This requires both your password and an additional piece of information upon logging in. The second piece is generally a code sent to your phone, or a random number generated by an app. This will protect your account even if your password is compromised.  Change your passwords regularly. It’s a pain to change and then remember all your passwords, but it’s one of the best ways to keep your private information safe. It is best to schedule a time at least twice a year to update your passwords. Why not make that first step today? While doing so, also take the time to close old accounts that you no longer use, especially if they are associated with credit cards, or bill payments and do not forget to delete the inactive email and social media accounts. Check how long it takes to crack your password by going to passwordmonster.com Consider a password manager. A written list would be best, keep the list updated and organized, as well as secretive. But if you’re worried about losing it, consider a reputable password manager to store your information. These easy-to-access apps store all your password information and security question answers in case you ever forget. However, don’t forget to use a strong password to secure the information within your password manager. Avoid easy passwords. Avoid using information that is easily searchable like your pet’s name, mother’s maiden name, favourite team, the town you grew up in, your birthday/anniversary, etc. A strong password has at least 12 to 14 characters, mixed with uppercase and lowercase letters, numbers and symbols. According to the Government of BC, all you must do is add more variables to your password to make it much more difficult to crack. For example, they say a password with five digits, and uppercase and lowercase letters (eg. Apple) would take only 25 seconds to crack. Meanwhile, a password with more than nine digits, numbers, symbols and a variety of uppercase and lowercase letters (e.g., B3tterBu!sn3ssBure@u) would take at least 1,000 years.    For a full list of tips on how to create a strong password, click here.