You Are In

  • Life Goals
  • Day To Day Banking
  • Deals & Promotions
  • Digital Services
  • Help & Support
  • Quicklinks

Our increased use of technology requires better and more stringent data security. While organisations are doing their bit to ensure that they safeguard customers’ sensitive information, we as users can also do our part to protect and secure our data by using strong passwords.


From research done by Google, 24% of the users have passwords such as ‘123456’, ‘Qwerty’ and ‘password’, and only about 34% of users frequently update their passwords. Simple passwords are a hacker’s paradise. Having weak passwords on your online and mobile banking platforms could be detrimental to your financial safety and can make your accounts more vulnerable to scams and fraudulent activities.

Here are some ways in which you can create a strong password:

Choose a Unique Password

Risk: Do you use a single password across all platforms, including personal email, social media, e-commerce and online banking? Having only one password can endanger your data, as a hacker only needs to crack one code to access your entire security system.    

Always use unique passwords for each of your accounts.

Based on findings by the software company ForgeRock, more than 2 billion records containing usernames and passwords were hacked in 2021, this was a 35% increase from the 2020 numbers. 

 Create intuitive passwords for each of your accounts. For example, the password for your office email could be spelt in reverse and perhaps, include the year you started working in the organisation (off_liaM@1998). Add a twist of your own to make your passwords unique.


Update Your Passwords Once a Month

Risk: Passwords are not for a lifetime. Given enough time, hackers or fraudsters will eventually crack any password. This is why many websites require users to regularly change their password. Unfortunately, many individuals tend to have a few passwords that they use in rotation.

Solution:  Secure your accounts by changing your passwords every month. It is also a healthy practice to use new unique passwords and not use passwords on rotation. Also, try to include capital letters in the middle instead of the beginning or end of the password.


Example: Use unique intuitive passwords that are also easy for you to recall. For example, you can switch your office email password between off_liaM@1998 to liaM_off@9-98 where you reverse the first part and add the month-year of your joining as the numeric component in your password. Using special characters makes it tough to crack your password.


Use a Combination of Letters (Upper & Lower Case), Numbers, and Symbols

Risk: While setting passwords, it is important that you use a random or hard-to-guess series of numbers or letters. Using your birthday, month or year in the password is not a safe practice.

Most websites, including personal emails, social networking sites and online banking platforms insist on passwords with at least 8 characters with a combination of letters, numbers and symbols. You should use both upper and lower case for your password. To strengthen your password, combine different unrelated words into your password.

For example:
It is ideal if you can use 3-4 words to create your password. Do not incorporate pet names to make it easier to remember. You can instead create a stronger password like "ILOVE!myy3llow#lAb" (reads as "I love my yellow lab"). 

A Bonus Safety Tip: Log Out from Websites and Devices When You Are Done

Risk: We often log in to websites to check our information (credit balance, shipping status, etc.), but we rarely log out of the website after we are done. Someone using your computer after you could then view and alter your information since the device is already logged in to your account.

Always log out after completing any online transactions on a website. When using mobile apps, remember to exit and close the app.


Many websites and mobile applications allow you to log in using Gmail, Facebook or other social media networking credentials. Although this is convenient, it is not recommended as it also makes you vulnerable to more damage from a single security breach. Always remember to be suspicious and cautious about emails, phone calls and text messages requesting for your password for any reason. No legitimate organisation will ever ask you for your password.


*PS: Don't use the exact examples above as your password! Always create your own unique passwords to ensure that you are well protected.   





This article is brought to you by CIMB as part of our ongoing efforts to raise the level of financial literacy among Malaysians. Financial knowledge and understanding are key to making well-informed and meaningful financial decisions towards positively improving welfare and well-being of communities. This is one of our many efforts to achieve CIMB’s purpose of advancing customers and society.