12.2.3 Personal identification numbers and passwords

Many people regularly need a Personal Identification Number (PIN) or password, for example to access their computer, use a bank machine or make an online purchase. A PIN is a type of password that uses only numbers, whereas a regular password can contain numbers, letters and often special characters. If someone guesses or steals your PIN or password, that person will be able to steal your identity and use it to commit financial fraud. You can prevent this by choosing "strong" passwords – that is, passwords that are hard to guess.


Do:

  • Make your password at least eight characters in length.
  • Use at least one capital letter, one lowercase letter, and one number or special character (like punctuation or a symbol), but no spaces.
  • Use as many different characters as possible.
  • Change PINs and passwords often.


Don't:

  • Store PINs and passwords on scraps of paper or your computer desktop.
  • Use the same PIN and password for multiple uses.
  • Use personal information that is easy to figure out, like your birthday or phone number.
  • Use a password that is the same as your account name.
  • Use PINs and passwords that are easy to spot while you're typing them in, like 12345 or qwerty.

Here are two methods you can use to create strong passwords:

  • Use the first letter of each word in a phrase you can easily remember. For example, "Today is a beautiful day for surfing" becomes "tiabdfs". But don't forget to add a capital letter and a number! So you could change it to: "Tiabdfs7".
  • Intentionally misspell words or use a word with a number or punctuation mark added. For example: "Co77ector" or "Braekfast" or "Wheatfi3ld?"

Create a new password for yourself. Check to make sure it's strong.

  • Does it have at least eight characters?
  • Does it have a mix of letters and numbers?
  • Does it have at least one capital letter, lowercase letter, number and symbol?
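
An added example, not part of the original page: a Python checker that applies the rules listed above to a candidate password and reports which ones it breaks. The function names, the `account_name` and `personal_info` parameters, and the entries in `EASY_SEQUENCES` other than 12345 and qwerty are assumptions made for illustration.

```python
import re

# The page names 12345 and qwerty; the other entries are assumed additions.
EASY_SEQUENCES = ("12345", "qwerty", "abcde", "asdfg", "password")


def passphrase_initials(phrase):
    """First letter of each word, lowercased, as in the page's first method."""
    return "".join(word[0] for word in phrase.split()).lower()


def check_password(password, account_name="", personal_info=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    # "one number or special character": anything that is not a letter or space
    if not re.search(r"[^A-Za-z\s]", password):
        problems.append("no number or special character")
    if re.search(r"\s", password):
        problems.append("contains a space")
    if account_name and lowered == account_name.lower():
        problems.append("same as account name")
    # Compare digits only, so 555-0142 and 5550142 are treated alike.
    digits = re.sub(r"\D", "", password)
    for item in personal_info:
        item_digits = re.sub(r"\D", "", item)
        in_text = bool(item) and item.lower() in lowered
        in_digits = len(item_digits) >= 4 and item_digits in digits
        if in_text or in_digits:
            problems.append("contains personal information")
            break
    if any(seq in lowered for seq in EASY_SEQUENCES):
        problems.append("contains an easy-to-spot sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, using the page's own example passwords.
    for candidate in ("tiabdfs", "Tiabdfs7", "12345", "Wheatfi3ld?"):
        print(candidate, "->", check_password(candidate) or "passes")
```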