Alert iconWarning: Unsupported web browser

In View no longer supports your current web browser version, which means some functionality may be limited. Please update your browser for the best experience before you log in.

close icon
Citi Private Bank logo

Unsupported browser

Our website no longer supports your current web browser version, which means you are no longer able to access this website. Please update your browser to continue.

Continue
Cybersecurity
May 13, 2021
4 mins

How secure are your passwords?

May 13, 2021
4 mins
Matthew Rhodes
Cybersecurity Co-Lead, Global Technology
Alejandro Serrano
Cybersecurity Co-Lead, Global Business Risk
Business man on his phone
SUMMARY

In a world of rapidly growing cybercrime, maintaining robust password security is essential. Here are some actions you can take to help protect your accounts.


Forgetting a password can be a frustrating experience.

That’s especially true when you’re under pressure, perhaps because there’s an important booking to be made or a vital transaction that needs approval.

At that moment, the last thing you want is to have to go through a password reset.

Even worse is getting temporarily locked out of an account after too many failed attempts to enter the correct password.

To simplify matters, therefore, there’s an obvious temptation to use an elementary password that you’re unlikely to forget – and then to use it again and again across multiple accounts.

And it’s a temptation to which many people are succumbing.

Numerous studies of the stolen passwords that hackers frequently leak online show a striking preference for the most elementary configurations.

Among the most popular passwords of all are: 123456; 123456789; password; qwerty; and iloveyou.

Favorite sports teams and names of pets – both of which can often be determined from our social media accounts – also make regular appearances.

While such passwords are clearly easy to remember, they are also simple for cybercriminals to guess.

Such hackers typically deploy bots that follow a heavy-duty trial-and-error process called brute force.

This process involves the bots entering passwords in rapid-fire succession until they guess successfully.

A first port of call in the brute force process may well be the most common passwords to have emerged in leaks.

So, if your password is no harder to crack than, say, a string of sequential numbers or keyboard letters, the chances are that cybercriminals could soon access your data or funds.

Needless to say, the potential losses and feeling of violation far outweigh the time and effort that it would have taken to secure your account.

How, then, can you reduce the chances of your falling victim to the hackers’ brute force tactics?

Here are some simple but effective actions you can take to create and maintain security around your passwords:

Build robust passwords

Short and simple passwords made up exclusively of either letters or numbers are almost an open invitation to cybercriminals.

By contrast, the longer and more complex the password, the harder it is to crack.

The second commonest password in 2018 was indeed the word password itself.

A hacker’s bot might typically take just 1 second to guess this.

But the same bot could take 400 years to guess Cr34teAStr0ngp@ssW0rd.

Making your password at least eight characters long and combining upper- and lower-case letters, numbers and special characters is therefore recommended.

You might use a favorite song, poem or play as the basis for this.

For example, if you know a piece of Shakespeare off by heart:

Whether ’tis nobler in the mind to suffer

The slings and arrows of outrageous fortune”

You might create something like this, substituting numbers and special characters for certain letters:

wTn1tM2sTs&>oOf

Use a unique password for every account

Alongside obvious passwords, using the same password on multiple different accounts is another common failing.

It means that if your password from one account gets leaked online, a hacker could associate it with you before tracking down and targeting your other accounts.

For every individual account, therefore, you should also have a separate and secure password.

Change your passwords regularly

It is not uncommon for people to keep the same password for many years at a time.

This creates more opportunities for cybercriminals to obtain and then misuse your password.

In certain cases, hackers can breach an account and then revisit it numerous times undetected.

A regular change of passwords can reduce the risks of harm if they get compromised.

Never share your password with anyone else
Now and again, you may find yourself too busy or lacking the connectivity to perform a certain transaction.

Especially if it is urgent, you may want to give your password so to someone else to do it for you.

While the other person may be a trusted individual, sharing your password is always to be avoided.

Even if their conduct is honest, they could still inadvertently compromise your account by keeping a record of your password that subsequently falls into the wrong hands.

If anyone else ever does find out your password, you should change it immediately.

Never write your passwords down

In most cases, unauthorized attempts to access your online accounts occur remotely.

But although less common, in-person attacks are also possible.

If you retain a handwritten backup of your passwords, there is always the risk that it somehow falls into the wrong hands.

For this reason, you should avoid committing your passwords to paper.

Avoid using insecure devices

Hackers frequently try to steal passwords and other vital information from devices.

The malicious software they covertly insert can often record keystrokes, such as login and other details.

You should avoid using third-party devices to access your accounts and be wary of inadvertently downloading malicious software to your own computer, tablet and smartphone.

Insights

See our insights into the key issues for you and your wealth.

View all insights

Insights

See our insights into the key issues for you and your wealth.

View all insights