Username and Password Security Tips

In an increasingly complex online world, Great Western Bank (GWB) is always striving to do their part to protect our customers, from online banking attacks. Below are some quick tips from GWB’s Information Security Team to keep in mind that you can do to protect yourself and your family.

Username Best Practices

  • Don’t use your email as a username.
  • Avoid user names that are too simple, similar to someone else or just your name.
  • Create a user name that is non-identifiable but not so complex you can’t remember.
  • Use a minimum of 10 or more characters including uppercase and lowercase letters, numbers and special characters. Some websites will have their own requirements.
  • Avoid using your social security number, specific dates tied to your identity i.e. birth date, your full name or parts of your address or phone number.
  • Use different user names for different online accounts.
  • Don’t choose a username that gives clues to your passwords such as a series of numbers/letters or the first part of a two-part phrase, such as knock-knock or starlight.
  • DO choose a username that’s appropriate for the type of account, i.e., business, social or personal.

Password Best Practices

  • Complexity: One of the first things to focus on is password complexity. Strong passwords are long, the more characters you have the stronger the password. Strive for a minimum of 14 characters in your password. In addition, we highly encourage the use of passphrases, passwords made up of multiple words. Examples include “It’s time for vacation” or “block-curious-sunny-leaves”. Passphrases are both easy to remember and type, yet meet the strength requirements. Poor, or weak, passwords have the following characteristics:
    • Contain eight characters or less.
    • Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
    • Contain number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.
    • Are some version of “Welcome123” “Password123” “Changeme123”
  • Sharing: This is a dangerous practice! Once a password is shared, you lose accountability, you cannot track who did what because people have shared accounts. In addition, once a password is shared it may become more shared then expected, including with unethical individuals.
  • Dual Use: Using the same password for multiple accounts should be limited to non-critical accounts only, if at all. If your Facebook, Flickr and Blog commentary passwords are the same, that is perhaps acceptable risk. What is not acceptable is your Flickr login and password being the same as your work or online banking login and password.
  • Public Computers: Do not log into confidential networks from public computers, such as at an internet cafe, hotel lobby or airport terminal. These computers may be infected or at the very least residing on compromised networks. Only authenticate on trusted systems you control.
  • Phishing: No one should ever ask you for your password. If someone asks for a password assume they are an attacker.
  • Owned: Most compromised passwords happen from keystroke logging malware, not brute forcing. If you truly want to protect your passwords, then protect your computer from getting infected!

Related Posts

Stock image of a dollar bill and the words Covid-19 on top.

Fraud Alert: Unemployment Payment Scam

These are tough times, with many confused and uncertain about their financial future. It is at times like this that scammers are the most active, and we have to pay special attention to make ourselves less vulnerable.