Nelle Ortiz, a financial manager for a large Canadian manufacturer, was tasked with ensuring that her employer’s confidential data and assets were secure by way of strong password security and access control levels. While Ortiz kept her employer’s finances under ‘lock and key,’ she wasn’t nearly as diligent when it came to securing her own personal and financial information.

One evening, when attempting to pay her monthly bills through her bank’s online platform, Ortiz noticed that significant unknown transfers had been made out of her bank accounts entirely wiping out her bank balances. Ortiz contacted her bank to let them know that there had made a mistake, but instead, within minutes of speaking to the customer service representative, she was forced to come to the shocking conclusion that her bank accounts had been infiltrated by hackers and all her money stolen out of her accounts.

An investigation into the incident revealed that Ortiz’s use of simplistic passwords, coupled with her decision not to implement two-factor authentication, made it relatively easy for hackers to gain unauthorized access to her bank accounts and to wipe her of her life’s savings. Ortiz acknowledged that while she had been extremely diligent and cautious in securing her employer’s financial systems, she had invested minimal thought and effort into securing her own financial systems, ultimately causing herself a severe financial setback.

While this story may be a fictional account, it reflects a worldwide phenomenon of security breaches leading to billions of dollars of financial losses being suffered by individuals and companies every year, breaches which may very well have been prevented by the use of strong passwords.

Why Choose A Strong Password?

As we step further into the digital world and as services move to online platforms, we are constantly required to create new usernames and passwords to be able to access our personal information. In addition to the weak security policies of certain websites leaving our data completely exposed, we are equally as guilty of choosing passwords that are simple and easy to remember, or using the same passwords on multiple platforms for convenience – it’s less to have to remember.

Hackers know this and every day, they develop and use various types of automated software to submit hundreds of password guesses per minute to open our account. The tools include using lists of dictionary words to sequentially guess passwords, and some software will even add common symbols, numbers or signs that it thinks we may have added to the word to make it more complex.

A strong password serves as a protective layer and is considered to be one of our main lines of defence against hackers and cybercriminals intent on stealing our personal information and money.

While any password bears some risk of being cracked, the stronger the password, the more resistant it is to guessing, and the longer it will take to crack.

Tips for creating a strong password

  • The longer the password, the better it is
    • Hackers can usually break anything with seven characters or fewer. The more characters a password cracking program has to crunch, the harder it is for the software to guess correctly
  • Add random capitalization
    • As long as it isn’t the first character, throwing a capital into the mix can deter access
  • Remove the vowels from a phrase to create a ‘word
    • Instead of Little Red Riding Hood, try &LttlRdRdngHd)
  • Use a mix of letters and non-letters including letters and punctuation, or substitute letters for similar-looking characters
    • Instead of PasswordSafety, you can use pA55wordS@fety
  • Try to avoid correctly spelled words or names in your password. If you can’t, then there are a few tricks
    • Introduce silent letters into a word. Instead of Beautiful, perhaps Be9au3ti7ful
    • Deliberately misspell a word. Instead of keyboard, try *kiyBordd4
  • Long word and number combinations are helpful
    • Taking a few words of a phrase or title and separating them with numbers can make a password stronger. Instead of LiveMoreWorryLess you can use 4Live2More7Worry9Less$
  • Use a different password for each account, try to avoid overlap
    • While this can be the most frustrating tip, it is also the most important. It ensures that each account is covered under its own security layer
  • Change your passwords in response to specific events
    • If you are reusing passwords for different websites, change your passwords on all those sites if you are aware that one of those sites has been compromised.

Keeping your information safe is crucial in the digital age. If you are predictable or apply the simple and shortest password for all your accounts, you are going to get hacked. It is so easy for a skillful hacker to leave you with nothing. The cost of giving little thought and attention to your protection on the web could be really high.

Vashni Naidoo, CPA, CA, CFE is the Principal of The Business Bloodhound, a Toronto-based forensic accounting and business consulting firm that specializes in investigative accounting, litigation support, and organizational performance improvement. Her email address is: vashni@businessbloodhound.com