Striking a balance between password security and convenience
For whatever reason, TD Canada Trust (the best bank in Canada by the way) decided to cap the length of your online banking password at 8 characters. One possible motive is to stop people choosing passwords that are too long or complex to remember, which they then end up writing down.
They do realize that a simple-to-remember password capped at 8 characters is weak, so instead of lifting the cap they require a mix of letters and numbers. Some sites (the CRA, for example) also demand upper- and lower-case letters while still capping the length. Perhaps it gives the user a sense of security? The arithmetic says it adds little: 8 lower-case letters give 26^8 (about 2 x 10^11) possibilities, adding digits raises that to 36^8 (about 2.8 x 10^12) and adding upper case to 62^8 (about 2.2 x 10^14), whereas every extra character multiplies the count by the size of the whole alphabet.
Referring to an article I read a couple of years ago on Password Usability, a password composed of two common words is more secure than a password composed of 6 random characters (no numbers): chickenpaper is more secure than zcacnq. One caveat the article's headline glosses over: that holds only if the attacker's word list has more than about 17,600 entries, since two words from a list of N give N^2 candidates and 26^6 is about 3.1 x 10^8. With three common words, the article estimated 2,537 years to crack by dictionary attack; the exact figure depends entirely on the guess rate it assumed, but trying an 18-letter string character by character (26^18, about 10^25 candidates) is impractical.
Which is easier to remember? Which are you more likely to write on a Post-it note and stick to your monitor? Both are generally considered secure against online guessing, and against brute force the phrase is the stronger of the two: the 8-character string has 62^8 (about 2.2 x 10^14) possibilities, while four words drawn from even a 10,000-word vocabulary give 10^16, despite using only lower-case letters.
kZ98c5aQ or turbogoesforawalk
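To put numbers on the comparisons above (zcacnq against chickenpaper, and kZ98c5aQ against turbogoesforawalk), here is an added Python example; it is not code from the original post or from the article it cites. The guess rates (100 per second for a throttled online login form, 10^10 per second for an offline attack on a fast, unsalted hash) and the word-list sizes are assumptions chosen for illustration. It goes one step beyond the text: it treats strength as the cheaper of character brute force and a word-list attack, which shows that the two-word phrase beats six random letters only when the attacker's word list has more than 17,576 entries.

```python
"""Search-space arithmetic for the passwords in the post (added example)."""
import math

# Assumed attacker parameters, for illustration only; not figures from the post.
ONLINE_RATE = 100                 # guesses/s against a throttled login form
OFFLINE_RATE = 10_000_000_000     # guesses/s on GPUs against a fast, unsalted hash
PUNCT = 33                        # printable ASCII symbols


def charset_size(password):
    """Smallest obvious alphabet an attacker would choose for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += PUNCT
    return size


def brute_force_space(password):
    """Candidates when every string of this length over the alphabet is tried."""
    return charset_size(password) ** len(password)


def wordlist_space(num_words, dictionary_size):
    """Candidates when the attacker knows it is num_words words from one list."""
    return dictionary_size ** num_words


def effective_space(password, num_words=0, dictionary_size=0):
    """An attacker uses whichever strategy is cheaper, so strength is the minimum."""
    space = brute_force_space(password)
    if num_words and dictionary_size:
        space = min(space, wordlist_space(num_words, dictionary_size))
    return space


def bits(space):
    return math.log2(space)


def time_to_exhaust(space, rate):
    """Seconds to try the whole space at `rate` guesses per second."""
    return space / rate


def human(seconds):
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def min_dictionary_to_beat(num_words, random_len, alphabet=26):
    """Smallest word list from which num_words words out-count a random string."""
    target = alphabet ** random_len
    n = int(round(target ** (1 / num_words)))
    while n ** num_words <= target:        # correct any float rounding upward
        n += 1
    while (n - 1) ** num_words > target:   # ...or downward
        n -= 1
    return n


def compare(dictionary_size):
    """Effective search space for the post's four examples against one list size."""
    cases = {
        "zcacnq": 0,             # 6 random lower-case letters, no word structure
        "chickenpaper": 2,       # two common words
        "kZ98c5aQ": 0,           # 8 characters, mixed case plus digits
        "turbogoesforawalk": 4,  # four common words
    }
    return {pw: effective_space(pw, n, dictionary_size) for pw, n in cases.items()}


if __name__ == "__main__":
    print(f"two words beat 6 random letters once the list exceeds "
          f"{min_dictionary_to_beat(2, 6) - 1:,} words")
    for dict_size in (10_000, 50_000):
        print(f"\nattacker word list: {dict_size:,} words")
        for pw, space in compare(dict_size).items():
            print(f"  {pw:18} {bits(space):5.1f} bits"
                  f"  online {human(time_to_exhaust(space, ONLINE_RATE)):>18}"
                  f"  offline {human(time_to_exhaust(space, OFFLINE_RATE)):>16}")
```

Running it prints bits and time-to-exhaust for each password at both rates and both list sizes. It makes the same point as the text with one caveat worth keeping in mind: against an offline attack on a fast, unsalted hash, kZ98c5aQ falls in hours and turbogoesforawalk in days to decades depending on the word-list size, so "secure" here means secure against online guessing, not against a leaked password database.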
You decide.