Thursday, August 30, 2012

Web Branch Passwords Now Up to 32 Characters

The first defense in protecting your online accounts is choosing a good password. Beyond including numbers, symbols and capital letters, password length also plays a role.

In our ongoing effort to improve the security of Web Branch, we now allow you to choose a password of up to 32 characters. By allowing more characters, you can now use a "passphrase" rather than just a single word password. A favorite saying or song lyric is usually easy to remember and makes your password virtually uncrackable.

From Wikipedia:
Typical advice about choosing a passphrase includes suggestions that it should be:
  • Long enough to be hard to guess
  • Not a famous quotation from literature, holy books, et cetera
  • Hard to guess by intuition—even by someone who knows the user well
  • Easy to remember and type accurately
  • For better security, any easily memorable encoding at your own level can be applied.
  • Not reused between sites, applications and other different sources.

Since online security is only as strong as its weakest link, we also recommend having a unique password only for use on Web Branch. Other sites may have significant security issues in how they store and manage passwords. If your password is stolen from another site, and you aren't using it for more sensitive sites--like online banking--you won't have to worry about your account being compromised.

For more information on choosing a good password and our online security, please see our main website:

http://www.uwcu.org/OnlineBanking/OnlineSecurity/Passwords.aspx

http://www.uwcu.org/OnlineBanking/OnlineSecurity/Default.aspx

14 comments:

  1. A favorite saying or song lyric is terrible advice for a password. Any moderately intelligent bad guy will have them in his password database. You should be encouraging truly strong passwords: http://xkcd.com/936/

    ReplyDelete
    Replies
    1. You are correct about it being something famous or well-known. I've updated the post. I also like the XKCD advice.

      Delete
  2. I've raised this question about password length few times and now it is done! Thanks guys for your efforts of making UWCU perfect!

    ReplyDelete
  3. I can't update my Quicken account because it says "info Quicken has from UW Credit Union is that password can be no longer than 10 characters long." Could you please fix that? Thanks.

    ReplyDelete
    Replies
    1. We have been working with Quicken and were told this was resolved. Sorry about the inconvenience. In the meantime, please continue to use a 10 character password.

      Delete
  4. Any word on when two-factor authentication (either RSA type tokens or smartphone app) will be set up?

    ReplyDelete
    Replies
    1. We have been working on lining everything up to offer more (and better) authentication options for quite some time. We are in the home stretch and I hope we can start offering it to members in November. Keep you eyes on this blog for more information.

      Delete
    2. Great news, thanks!

      Delete
  5. Thanks, I am also looking forward to 2-step authentication!

    ReplyDelete
    Replies
    1. An update on true two-factor authentication--we are in our final stages of testing. As you can imagine, we need to get it right so we are taking a bit of extra time. It is looking like we'll be able to offer it as an optional enrollment before the end of the year.

      Thanks for everyone's patience.

      Delete
  6. This is pretty cool -- great update. I'm personally more interested in restricted/read-only application-based passwords for things like mint.com before 2-factor auth. Then I don't have to give away all of my personal security answers. ING Direct does this.

    ReplyDelete
  7. 32 Characters!?!?!?!??!?! I have so many passwords and different accounts, how can I ever remember something so long? Please don't make this a requirement.

    ReplyDelete
    Replies
    1. No, 32 characters will never be required. The minimum is 6 characters, however we recommend 10 for a stronger password.

      Some members wanted to be able to use very long passwords so we did not want to create a limit that was too low.

      Delete

We welcome your comments as a way to contribute to the discussion and provide feedback to UW Credit Union. We will not post discussion that contains personal attacks, racial slurs, profanity or other inappropriate material. We moderate comments so please be patient if you don't see yours appear right way.

If you have immediate service needs or require follow up, please contact us.