Skip to main content

Why Strong Passwords Matter — and How to Create Them

By Diane Amato

Published September 14, 2023 • 4 Min Read

Your passwords matter. They are the first line of defence against unauthorized access to your online accounts, devices, and files. Naturally, the stronger the password, the more protected your data will be from threat actors.

So why do so many Canadians use common, easy-to-guess passwords such as password, 123456, hockey and Canada (identified by NordPass as the most commonly used passwords in 2022)?

One reason is that it’s often too hard to remember all the passwords for each of our accounts.

While keeping track of all of our passwords can feel like a big challenge — and coming up with clever combinations of letters, numbers and symbols can seem overwhelming — some basic tips can help boost your password game and better protect your data.

Here are some steps you can take to help ensure you are using strong passwords or pass phrases.

10 easy tips for a stronger password

  • Never share your passwords with anyone. Put quite simply, don’t share your passwords – not with your friends, your IT department, or your bank. No one but you should know them.

  • Don’t use your Online Banking password for anything else. While it’s best not to re-use any passwords at any time, it’s especially important to use extra caution when it comes to sensitive information such as your bank account.

  • The longer, the better. Experts suggest creating passwords that are at least 12 characters long, ideally 16. Most online user passwords are eight characters, which are much easier to crack than longer versions.

  • Use phrases instead of words. To get that character count up, and to make your passwords easier to remember, consider using phrases made up of random words (i.e., DelayElephantBuy or mature-stiletto-algebra-envision-number. Another good trick is to use the first two letters of each word in a sentence to create a password that’s memorable to you: “La Bella Trattoria was my favourite Toronto restaurant” could yield the password: LaBeTrwamyfaTore97!

  • Complexity still counts. Adding a combination of letters, symbols and numbers makes your passwords tougher to crack. For instance, DelayElephantBuy can become De!@yE!eph@nt8uy.

  • Avoid including sensitive info. Including your birthday or pet name within your password exposes more information that could be used to compromise your security.

  • Reset your passwords regularly. The longer a password has been in use, the more likely it has been leaked in a data breach.

  • Don’t ignore data leak warnings. Google and Apple both alert users if a saved password on the Chrome or Safari browsers have been involved in a data breach. Take this message seriously and change your password right away.

  • Use multi-factor authentication. While passwords are more secure than no protection, your data is far safer if you combine a password with multi-factor authentication (MFA). MFA, also known as Two Factor Authentication (2FA) requires additional verification – such as a fingerprint or PIN to identify yourself — and can offer a second line of defence.

  • Use a password manager. Password managers generate strong, random passwords and remember them for you when you’re logging into an account, so you don’t have to. Your encrypted password database can then be accessed with just one master password or passphrase, which means you’ll just have to remember one. That’s a lot easier than keeping 150 passwords in your head!

A hacked password can result in the loss of personal, financial, or medical information and a long-lasting impact on your reputation and credit score. These tips can help you create strong passwords that protect you online.

*Source: Study Reveals Average Person Has 100 Passwords,, March 21, 2023

Diane Amato is a Toronto-based freelance writer who loves to talk about finances, travel and technology.

This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.

Share This Article


Cyber Crime Cyber Security Cyber Tips Security/Securing Devices