In our ongoing effort to improve the security of Web Branch, we now allow you to choose a password of up to 32 characters. With more characters available, you can now use a "passphrase" rather than just a single-word password.
From Wikipedia:
Typical advice about choosing a passphrase includes suggestions that it should be:
- Long enough to be hard to guess
- Not a famous quotation from literature, holy books, et cetera
- Hard to guess by intuition—even by someone who knows the user well
- Easy to remember and type accurately
- For better security, any easily memorable encoding at your own level can be applied.
- Not reused between sites, applications and other different sources.
Since online security is only as strong as its weakest link, we also recommend having a unique password that you use only on Web Branch. Other sites may have significant security issues in how they store and manage passwords. If your password is stolen from another site, and you aren't using it for more sensitive sites--like online banking--you won't have to worry about your account being compromised.
For more information on choosing a good password and our online security, please see our main website:
http://www.uwcu.org/OnlineBanking/OnlineSecurity/Passwords.aspx
http://www.uwcu.org/OnlineBanking/OnlineSecurity/Default.aspx

A favorite saying or song lyric is terrible advice for a password. Any moderately intelligent bad guy will have them in his password database. You should be encouraging truly strong passwords: http://xkcd.com/936/
You are correct about it being something famous or well-known. I've updated the post. I also like the XKCD advice.
I've raised this question about password length a few times and now it is done! Thanks guys for your efforts of making UWCU perfect!
I can't update my Quicken account because it says "info Quicken has from UW Credit Union is that password can be no longer than 10 characters long." Could you please fix that? Thanks.
We have been working with Quicken and were told this was resolved. Sorry about the inconvenience. In the meantime, please continue to use a 10 character password.
Any word on when two-factor authentication (either RSA type tokens or smartphone app) will be set up?
We have been working on lining everything up to offer more (and better) authentication options for quite some time. We are in the home stretch and I hope we can start offering it to members in November. Keep your eyes on this blog for more information.
Great news, thanks!
Thanks, I am also looking forward to 2-step authentication!
An update on true two-factor authentication--we are in our final stages of testing. As you can imagine, we need to get it right so we are taking a bit of extra time. It is looking like we'll be able to offer it as an optional enrollment before the end of the year.
Thanks for everyone's patience.
About time!
This is pretty cool -- great update. I'm personally more interested in restricted/read-only application-based passwords for things like mint.com before 2-factor auth. Then I don't have to give away all of my personal security answers. ING Direct does this.