Strong Password: do’s and don’ts

Risk: Passwords are not for a lifetime. Given enough time, hackers or fraudsters will eventually crack any password. This is why many websites require users to regularly change their password. Unfortunately, many individuals tend to have a few passwords that they use in rotation.

Solution:  Secure your accounts by changing your passwords every month. It is also a healthy practice to use new unique passwords and not use passwords on rotation. Also, try to include capital letters in the middle instead of the beginning or end of the password.

Example: Use unique intuitive passwords that are also easy for you to recall. For example, you can switch your office email password between off_liaM@1998 to liaM_off@9-98 where you reverse the first part and add the month-year of your joining as the numeric component in your password. Using special characters makes it tough to crack your password.

Risk: While setting passwords, it is important that you use a random or hard-to-guess series of numbers or letters. Using your birthday, month or year in the password is not a safe practice.

Solution: Most websites, including personal emails, social networking sites and online banking platforms insist on passwords with at least 8 characters with a combination of letters, numbers and symbols. You should use both upper and lower case for your password. To strengthen your password, combine different unrelated words into your password.

For example: It is ideal if you can use 3-4 words to create your password. Do not incorporate pet names to make it easier to remember. You can instead create a stronger password like "ILOVE!myy3llow#lAb" (reads as "I love my yellow lab"). 

Risk: We often log in to websites to check our information (credit balance, shipping status, etc.), but we rarely log out of the website after we are done. Someone using your computer after you could then view and alter your information since the device is already logged in to your account.

Solution: Always log out after completing any online transactions on a website. When using mobile apps, remember to exit and close the app.

Many websites and mobile applications allow you to log in using Gmail, Facebook or other social media networking credentials. Although this is convenient, it is not recommended as it also makes you vulnerable to more damage from a single security breach. Always remember to be suspicious and cautious about emails, phone calls and text messages requesting for your password for any reason. No legitimate organisation will ever ask you for your password.

*PS: Don't use the exact examples above as your password! Always create your own unique passwords to ensure that you are well protected.   

This article is brought to you by CIMB as part of our ongoing efforts to raise the level of financial literacy among Malaysians. Financial knowledge and understanding are key to making well-informed and meaningful financial decisions towards positively improving welfare and well-being of communities. This is one of our many efforts to achieve CIMB’s purpose of advancing customers and society.