silverorange slice logosilverorange Blog

The Canadian Goverment recommends: correct horse battery staple

Steven Garrity

One of our developers was researching best recommendations on password requirements for a new project. The discussion naturally led us back to the classic Password Strength comic from XKCD.

The comic includes the (good) advice to use memorable-but-nonsensical passphrases rather than passwords, with the delightful example: correct horse battery staple.

XKCD comic showing a password strength meter with a password of 'Tr0ub4dor&3' being rated as 'Difficulty to guess: Easy' and a password of 'correct horse battery staple' being rated as 'Difficulty to guess: Hard'.
From xkcd.com/936/

This developer ended up reading some password guidance from the Canadian government. We were delighted to discover that the Canadian government’s own official password guidance includes the XKCD example verbatim, including a Canadian bilingual twist:

“Passphrases are easier to remember and can be as secure as shorter, more complex passwords.

  • Choose 4 or 5 randomly selected words (for example, correct horse battery staple).
  • Include words from another language (for example, correct cheval battery staple).”

They also had this great follow-up advice: “Don’t use any of the password examples given above.”

👏 🇨🇦