How To Choose Secure Passwords: A Guide

Your passwords are the keys to your online accounts

Team Luno
Luno Publication
5 min read · Oct 12, 2018

It’s incredibly important to use strong passwords, especially for any financial accounts.

We’ve put together this guide to password security best practices to help you keep your Luno account secure. These don’t just apply to Luno though. They’re essential across all your online accounts, especially email and anything financial.

How to choose a strong password

There are two main ways an attacker could break into your account: they could attempt to guess your password (in particular if they’re targeting you personally), or they could mount a ‘brute force’ attack (trying all possible passwords).

Using a strong password makes it difficult for someone to guess, and means it would take years or even decades for a brute force attack to identify it.

A strong password is long, complicated, and unpredictable.

Here’s a summary of the do’s and don’ts for password protection.

DO

  • Use a unique password for each site
  • Use a mixture of letters, numbers, symbols, upper and lower case
  • Use unusual and unpredictable passwords
  • Use long passwords (ideally 12+ characters)
  • Change your passwords on a regular basis
  • Opt for a password generator (a password manager may offer this)
  • Check the strength of your password

DON’T

  • Use the same password for multiple sites
  • Use common or predictable passwords
  • Use default passwords
  • Use short passwords (fewer than 12 characters)
  • Keep the same passwords for too long (e.g. a year)
  • Enter your password when someone could be looking over your shoulder
  • Share a password with anyone else
  • Repeat words within a password

What does a strong password look like?

A strong password should include:

  • More than 12 characters
  • Uppercase and lowercase letters
  • Numbers and symbols (e.g. ! and ?)
  • No easily guessed information (e.g. your name or date of birth)
  • No repetition, words found in the dictionary, or common passwords (find a full list here)
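
The checklist above can be turned into an automated check. The following is an added example, not Luno's code: the function name, the tiny common-password sample and the repetition thresholds are assumptions, and the dictionary-word check is left out because it needs a word list.

```python
import re

# Constructed sample; a real check would load a full common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}


def check_password(password, personal_info=()):
    """Return the checklist items the password fails (empty list = passes)."""
    problems = []
    lowered = password.lower()

    if len(password) <= 12:
        problems.append("12 characters or fewer")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both uppercase and lowercase letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a symbol")

    # Easily guessed information: your name, date of birth, pet's name, ...
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal information: {item}")

    # Repetition: one character three times in a row, or any chunk of
    # four or more characters that appears twice (assumed thresholds).
    if re.search(r"(.)\1\1", password) or re.search(r"(.{4,}).*\1", lowered):
        problems.append("contains repetition")

    # Common passwords, including ones padded with digits or symbols.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_PASSWORDS or letters_only in COMMON_PASSWORDS:
        problems.append("is a common password")

    return problems
```

Calling `check_password("Fred123", personal_info=["Fred"])` reports the short length, the missing symbol and the pet's name.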

How to remember your strong passwords

If you’ve ever used a weak password (we’re all guilty at some point) it probably wasn’t because you didn’t want your account to be secure — it was for convenience. Remembering strong passwords is tricky, which is why many people repeat the same ones across multiple sites or use weak ones.

Luckily, there are options other than memorising all your strong passwords:

  • Write them down (and keep it somewhere hidden and away from your computer)
  • Use passphrases (longer phrases instead of words)
  • Use a password manager (a program or app that securely stores your passwords for you)

Of the three, we strongly recommend using a password manager.

Writing passwords down is moderately secure if you don’t leave them in an easily accessible place or near your computer, and make sure no one knows where you’ve recorded them. However, it’s still risky and you could lose the piece of paper, or be unable to access it when you’re in a different place.

A passphrase is a long, memorable phrase which does use dictionary words, yet is a lot harder to guess than a short password. For example, if your dog’s name is Fred, using a variation on that (e.g. ‘Fred123’) is a weak, predictable password. However, a longer phrase such as ‘FredIsTheCutestDog137’ is considerably more secure. Passphrases still take a lot of effort to remember if you have a lot of different accounts.

A password manager lets you use complex passwords without worrying about remembering them. It’s a desktop program or app alongside a browser extension that records and auto-fills all your passwords for you.

Some people worry about using a manager because the company might get hacked and lose all their passwords. This is a valid concern, but a password manager is still more secure than trying to remember all your individual passwords. Password managers use strong encryption methods.

It is crucial that you take the utmost care with securing your password manager account, using the strongest password of all, turning on two-factor authentication, and keeping the software up to date. At Luno we use LastPass, which generates long strings of random characters and stores them for you.

How to protect your passwords from phishing

Phishing is when criminals try to get hold of sensitive information, such as passwords, by creating fake websites, emails, messages, or social profiles.

It’s a big problem for any sort of financial service, and cryptocurrency exchanges and wallets need to be very careful.

Even if you use a strong password, you’re still at risk of a phishing attack. We’ve covered best practices for protecting yourself against phishing before, but this is a brief summary.

Remember to:

  • Always enter the web address (e.g. Luno.com) directly into your browser; don’t search for the name
  • Check you’re not on a fake website that looks similar but has a different web address (e.g. Luino.com)
  • NEVER give your password by email, a message (e.g. Whatsapp), text, or over the phone
  • If you’re unsure about an email, don’t click any links — go straight to the web address
  • If you’re unsure about a website, enter an incorrect password — if it logs you in, it’s a fake site

The importance of two-factor authentication

Two-factor authentication adds an extra step to the login process, requiring you to enter a password, then enter a code received by text or via an app like Authy.

Turning on two-factor authentication (2FA) is a crucial way to secure your accounts.

Although 2FA makes logging in more time consuming, it’s essential for securing important accounts, like your email, online banking, and Luno account. If you have the option, it’s a good idea to turn on 2FA because it’s difficult for anyone to access your account without also having access to your phone.

If you suspect your Luno account has been compromised, you can lock it for 7 days while you secure your password. We also recently launched transaction authorisation to add additional security.

Security is our biggest priority at Luno. But we can’t do it all from our end — we also need you to help us keep your cryptocurrency safe by always using strong passwords for your Luno account.
