Please enter your password…

Complex passwords are necessary for security across one's personal and work accounts
A person managing their account security with their smartphone

If the first thought that comes to mind is to use your favourite password, because you think it’s long and complicated enough and fits the requirements of most, if not all websites, then *loud buzzer sound*, you’ve just marked yourself as a potential victim of cybercrime.

Here’s a scenario.

You’re signing up for an nth work-related account and you’re being asked to enter a strong and unique password, with all the bells and whistles: a mix of upper- and lower-case letters, plus a symbol and a number (or two) and a total of at least 10 characters. You think of the perfect, ‘unique’ and secure password you’ve devised – one that you’ve been pulling effortlessly from memory, aka your go-to password – and decide to go with it. Computer says ‘Password accepted’ and you go on with your day.

All may seem well and good but what’s really happened is a lapse in cyber hygiene. When this occurs, you’ve opened doors for hackers to steal your data. We all know this: passwords protect the personal credentials that are linked to almost everything you do online. Have a think about how many personal and work accounts you access every day… isn’t that quite a lot of personal information for the taking? And don’t forget, personal credentials aren’t only linked to data. They’re also linked to the hard-earned savings sitting in the bank account that you access online. Plus, hackers may not target just your personal information. They may infiltrate networks and wider databases of information, which can endanger a host of people and organisations.

4 steps to achieve online password security

To stay out of harm’s way – aka not become the loophole that cyber criminals are ready to exploit – it’s best to keep a cyber hygiene regimen. Here are the steps to follow:

1. Create strong, unique passwords and PINs because ‘This is the way’

Recycling passwords, no matter how strong they are, is the biggest contributor to password-cracking incidents. An upside to this is that if more people – like you! – were to fight the urge to repeat their passcodes, across different accounts, security around the internet would be greatly increased. The recommendation is to create a unique, complex password for each personal and work account.

Keep these three pointers in mind for strong passwords:
(i) use a minimum of 12 characters where possible;
(ii) use numbers, symbols and upper- and lower-case letters; and
(iii) avoid names, dictionary spellings and sequential characters (i.e. 123456).

2. Use Multi-Factor Authentication (MFA) when given the option

MFA refers to the combination of a password with at least one of the following elements:
(i) biometrics (fingerprint or facial recognition), or
(ii) identity authentication or a unique PIN via a separate personal account or device.

Multi-factor passcodes add on a layer of security and are recommended when it comes to protecting health, financial, insurance and other confidential accounts.

3. Keep your passwords to yourself (only pets are exempted)

Keep your passwords, PINs and OTPs secret, as any compromise could lead to the theft and use of your personal credentials. I mean, who can forget the OCBC phishing scandal from last year? So, what can you do? Don’t share your password, PINs or OTPs with anyone; don’t write them down; and don’t let others watch you when you type them in.

4. Store your passwords safely – like your life depends on it

There’s just the tool to help you fulfil the first three checkpoints. A password manager, which acts like a digital safe, lets you create strong, unique passwords and beyond that, allows you to manage usernames, passwords and PINs for all your accounts. A master password is all you need to access this information vault.

Extra tip: Avoid storing your passwords within your internet browser. It may seem convenient but not all browsers are built to store usernames and passwords securely.

Did you know?

Studies have shown that a hacker can almost instantly crack a numbers-only, 10-character password, while it will take them approximately 430 trillion years to crack an 18-character password that features a mix of numbers, symbols and upper- and lower-case letters. Security takes effort, but being stringent and meticulous with your passwords will make for a safer and more pleasant online experience.

In the near future… hopefully?

Passwords have been likened to “cockroaches of the internet”. They’re often used within networks that are open to knowing, prying eyes, and are therefore unreliable and the cause of a lot of problems. And as miserable as it sounds, it is what it is, for now. Passwords are necessary.

The good news is we have been moving towards a password-less future. The Fast Identity Online Alliance (FIDO), a tech group comprising companies such as Apple Inc., Google and Microsoft Corp., has been working on a system that allows users to log into their accounts with their smartphones and computers. The technology involves PIN codes, facial and fingerprint recognition. The improved login process will see users move between accounts via their personal gadgets, with no human-readable information passed over hackable networks. That’s something to look forward to!

Important note

If you've shared OTP information with a third party and would like to report an alleged scam or fraud attempt, please send an email to [email protected] with the following details:

  • Approximate time and date of the alleged scam or fraud
  • Communication channel used (i.e., SMS, email, etc.)
  • A copy of the scam or fraud message, if available

Enjoy reading our articles?

Subscribe to Money Banter to receive useful tips and guides on insurance and offers on products and services.

Thank you for your submission. 

By clicking “Submit”, you consent to Singapore Life Ltd. (“Singlife”) and Singlife related companies contacting you to provide you with information concerning Singlife and Singlife related companies’ products and services and special offers which may be of interest to you.
For details of Singlife's Data Protection Policy, please refer to To withdraw your consent at any time, please call Singlife at +65 6827 9933.

Important Information

Money Banter (the "Portal") is for general information only and does not take into account the specific investment objectives, financial situation, health condition and needs of any particular person. The contents of this Portal are intended merely for educational purposes and should not be construed as the giving of advice or the making of a recommendation. Nothing contained in this Portal shall constitute a distribution, an offer to sell or the solicitation of an offer to buy. We recommend that you discuss any specific matters with your financial adviser representative or legal adviser before making any decision. You are responsible for your own medical care, treatment and oversight, and any health-related content on this Portal, including, text, treatments, dosages, outcomes, charts, profiles, graphics, images, messages and forum postings are strictly information to promote general understanding of certain health topics only, do not constitute the providing of medical advice, and should not be relied upon as a substitute for professional medical advice, diagnosis or treatment. Always seek advice from a physician or other qualified health care provider regarding your medical condition or treatment and before undertaking a new health care regimen. This Portal may include information sourced from third parties and links to third party websites. We are not responsible for the accuracy or completeness of, and do not recommend or endorse such information or third party websites nor recommend or endorse any specific tests, physicians, products, procedures, opinions or other information. While we have taken reasonable care to ensure that the information on this Portal has been obtained from reliable sources and is correct at time of publishing, information may become outdated and opinions may change. Except to the extent prohibited by any law, we are not liable for any loss (including direct, indirect and consequential loss, loss of profits, loss or corruption of data or economic loss of any kind) that may result from the access or use of or reliance on the information on this Portal.  | Terms of Use | Data Protection Policy

Protected up to specified limits by SDIC. This advertisement has not been reviewed by the Monetary Authority of Singapore.