Go to the Globe and Mail homepage

Jump to main navigationJump to main content

Change your password regularly. (Angela Waye/Getty Images/Hemera)
Change your password regularly. (Angela Waye/Getty Images/Hemera)


Cracking your password is as easy as 1234 Add to ...

Here at Collected Wisdom’s executive penthouse suite, we’re trying to think of a new password for our online Swiss bank account. It has to be one that’s really tough to crack. Got it! We’ll use the word “password” as our password. No one would ever think of that.

The question

Tony Kicinski of Markham, Ont., says some computer-security experts recommend that users change their passwords every month or so to foil hackers. But surely a hacker would spend only a matter of hours, not months, trying to crack a password. Since you can’t change your password every few hours, why change it at all?

The answer

The question is based on a mistaken understanding of what happens to your password after it is cracked, writes Ira Greenblatt of Ottawa .

“Most commonly,” he writes, “collections of user IDs and passwords are sold and used later, not necessarily immediately. So changing your password regularly is definitely a good idea.”

That being said, if someone is specifically attacking you because of who you are, such as a particularly important person with valuable information, the premise of the question is valid, he writes. Changing your password every month or so won’t help.

“The bottom line is that there are lots of ways you can be cyber-attacked, so have a strong password, change it regularly, do not use the same password for all your accounts, apply all security patches, run up-to-date anti-virus software, be suspicious of odd e-mails and websites, and do your backups.”

More on this from Steve Chapelle of Toronto, an information technology professional who works mainly in the financial-services sector. He advises against using dictionary words in your password. “A ‘dictionary hack’ program can test all possible combinations of dictionary words and numbers in a few hours,” he says. “Instead, create a non-existent word by compounding two words or names along with numbers and symbols, such as PorscheMaple$48.”

Better still, he writes, “create a password derived from an event in your life. A phrase such as ‘2009 Florida vacation’ meets standard requirements of upper- and lower-case letters, numerals and symbols (the spaces).” If your password is limited to 14 characters, simply shorten the phrase.

The question

Speaking of Internet matters, Miriam Pyett of Shields, Sask., asks: Why do some online bill payments take up to two business days to go through? Since the transfer is electronic, why doesn’t it just go through immediately?

The answer

“Until it is proved to me otherwise,” writes Elizabeth Bigelow of Victoria, “I shall continue to believe that it takes two days to transfer bill payments so that the banks have use of the money for two days to collect interest.” Her payments may be relatively small, she says, but adding them to hundreds of thousands of others creates millions of dollars in extra revenue for the banks.

Are there any bankers out there who would care to enlighten us on this practice?

Help wanted

Why do dishes and utensils come out of the dishwasher completely dry while plastic containers are still beaded with water? David Malcolm of Hamilton wants to know.

Speaking of washing dishes, Sebastian Grunstra of Ottawa was told that dish detergent and hair shampoo are basically the same thing. Is this true?

Are there any important cities or towns in the world that aren’t located on water, be it a river, lake or ocean? asks Charles Owen of Shelburne, Ont.

Let’s hear from you: If you have the answer to one of these questions (or have a question of your own) send an e-mail to wisdom@globeandmail.com. Please include your location and a daytime phone number.

Report Typo/Error

Follow us on Twitter: @GlobeDebate


Next story




Most popular videos »

More from The Globe and Mail

Most popular