Password vulnerability is more common than you might think. Luckily, avoiding it is simple once you know a few basic principles. These apply to all your online accounts, not just Luno.
How passwords get leaked
Here's a hypothetical example of how the password to a Luno account could get leaked:
Years ago, Julie signed up for her first email account. Unfortunately, she didn't know much about security at the time and used the same password on another site. The site didn't have good protection in place, and several years later hackers managed to steal all passwords from its user base.
Julie never changed her email password or turned on two-factor authentication, meaning the hackers could easily guess the password and gain access. With control of her email, the hackers then requested a password reset for her Luno account (which didn't have two-factor authentication either). So despite Luno's impeccable security, they could simply log into her account and steal from her.
We encourage all our customers to use strong passwords and turn on two-factor authentication to avoid preventable security problems. Including Julie.
Here’s a quick weak password checklist:
- Is it your name, or the name of your partner, a family member, pet or child?
- Is it your birthday, wedding anniversary or another important date?
- Is it your favourite book, movie, or anything someone who knows you could guess easily?
- Is it the same one you use for other sites?
- Is it 'password', '1234', 'qwerty' or any other common password?
- Is it too short (under 12 characters)?
- Have you shared it with anyone, or left it written down where it might be found?
- Have you forgotten to turn on two-factor authentication?
What does a strong password look like?
A strong password should include:
- More than 12 characters
- Uppercase and lowercase letters
- Numbers and symbols (e.g. ! and @)
- No easily guessed information (e.g. your name or date of birth)
- No repetition, words found in the dictionary (find out why here), or common passwords
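The checklist and criteria above can be expressed as a single check. This is an added example, not Luno's code: the function name, its parameters and the two small word lists are assumptions constructed for illustration, and a real check would use far larger lists.

```python
import re

# Constructed sample lists; a real check would use much larger ones.
COMMON_PASSWORDS = {"password", "1234", "qwerty"}  # the three named in the checklist
DICTIONARY_WORDS = {"sunshine", "dragon", "monkey", "football"}  # constructed sample


def weak_password_reasons(password, personal_info=(), passwords_used_elsewhere=()):
    """Return the criteria this password fails (an empty list means it passes)."""
    reasons = []
    lowered = password.lower()

    # The criteria ask for "more than 12 characters", so exactly 12 is rejected.
    if len(password) <= 12:
        reasons.append("not more than 12 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        reasons.append("missing uppercase or lowercase letters")
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9]", password)):
        reasons.append("missing numbers or symbols")
    # Names, dates and other guessable facts are supplied by the caller.
    if any(item and item.lower() in lowered for item in personal_info):
        reasons.append("contains personal information")
    if password in passwords_used_elsewhere:
        reasons.append("reused from another site")
    # Repetition: one character three times in a row, or a chunk repeated back to back.
    if re.search(r"(.)\1\1", password) or re.search(r"(.{2,})\1", password):
        reasons.append("contains repetition")
    if any(word in lowered for word in COMMON_PASSWORDS | DICTIONARY_WORDS):
        reasons.append("contains a dictionary word or common password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("qwerty", "Julie1990!Julie1990!", "t7#Vq9!mZr2&Lx5w"):
        print(candidate, "->", weak_password_reasons(candidate, personal_info=("Julie", "1990")))
```

A password that passes every check here can still be unsafe if it has been shared or written down, and two-factor authentication should be turned on regardless.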
How to safely remember your strong passwords
Many people use weak passwords because it's difficult to remember numerous strong ones. But there's a solution that lets you enjoy security and simplicity: a password manager.
It's a desktop program or app alongside a browser extension that records and auto-fills all your passwords for you. Some people worry about using a manager because the company might get hacked and lose all their passwords. This is a valid concern, but password management services use strong encryption methods, so it is still more secure than trying to remember all your individual passwords.
It is crucial that you take the utmost care with securing your password manager account. You can do this by keeping software up to date and using two-factor authentication, which is the best way to keep your passwords safe. At Luno we use LastPass, which generates long strings of random characters and stores them for you.