Security

How to manage & protect your passwords

How to manage and protect your passwords to keep you safe online

Passwords form the foundation of our online safety, whether that’s banking, healthcare, or even our social connections. If they’re weak or reused, they can make you vulnerable to criminals.

“When your data is leaked in a breach, scammers can use it to impersonate you, trick you into clicking malicious links, or try your passwords on other websites. They might even use that stolen information to lock your files and demand a ransom,” COBA Head of Financial Crimes and Cyber Resilience Martin Latimer said.

Strong passwords are our first line of defence against cybercriminals, and amid rising data breaches across Australia, there’s never been a greater need for good password hygiene.

To help you figure out the best way to strengthen your passwords - and why this matters - COBA’s Financial Crimes and Cyber Resilience team have put together some simple tips.

Why does password hygiene matter?

Data breaches can be a goldmine for scammers, providing them with a trove of personal and payment information that can then be exploited.

In the first six months of 2025, over 10,000 individuals were affected by cyber incidents, with malicious or criminal attacks comprising the largest source of data breaches, according to the Office of the Australian Information Commissioner.

“Having strong passwords is crucial to ensure cybercriminals can’t access your banking, government or healthcare accounts or target you with malware,” Latimer explained.

How to build stronger passwords

Strengthening your passwords doesn’t mean making them harder to remember — it means making them harder to crack.

Longer, word-based phrases (known as passphrases) are usually a strong choice. Consider a string of random words that only you can stitch together to create a unique phrase (for example: “train hall idea work” or “television table bottle snack”). Avoid using personal information or common, predictable words.

“Safe passwords typically have 10 or more characters - the longer, the better! You should further strengthen your password by combining uppercase letters, lowercase letters, numbers and special symbols, including swaps like ! for 1 or @ for A,” Latimer said.

Managing your passwords

It’s important not to share your passwords with anyone - including loved ones - and to ensure you are using different passwords for your various accounts.

Always enable multi-factor authentication (MFA) wherever it’s available. This adds two or more verification methods to create an extra layer of safety on your accounts. MFA may involve passkeys, one-time passwords (OTPs), or biometric verification.

Additionally, pay attention to where your passwords are being saved.

“While many may do this for convenience, blindly saving your passwords in your browser to be auto-filled can put your cybersecurity at risk,” Latimer cautioned.

Instead, opt for a reputable password manager with a strong master password. Ensure it offers strong privacy and security features such as encryption, MFA, and alerts if your passwords have been exposed in a breach.

What to do if your passwords have been compromised

It’s important to be aware of the signs of a data breach so you know if your password has been compromised.

Look out for suspicious activity such as unauthorised transactions, unfamiliar log-ins, unsolicited password resets, or alerts from financial institutions or service providers (even those you don’t normally use). You can also check if you were affected by a data breach using platforms such as Have I Been Pwned.

If you believe your passwords may have been compromised, take immediate action to secure your accounts. Update your passwords across important accounts and run anti-virus software on your devices (including your phone) to check for ransomware.

If you are contacted by someone you suspect is a scammer, report the scam to the National Anti-Scam Centre – Scamwatch to help protect others.
For more information on how you can strengthen your online safety and keep your personal information secure, visit Cyber.gov.au.

Safety

Online security and what to look out for

With nearly two thirds of Australians using mobile banking as their top method for managing money, protecting your security online is more important than ever.

In 2023, Australians lost a reported total of $455,436,239 to thieves through scams. Phishing scams were the most prevalent. In a phishing scam, a scammer contacts you pretending to be from a legitimate business such as a bank, a telephone or internet service provider, or a Government organisation. You may be contacted by email, social media, phone call, or text message.

The ACCC's Scamwatch is a trustworthy resource for keeping up to date on the latest scams and current hoaxes trying to steal your personal information.

Bank Orange encourages members to stay vigilant with the following tips to protect your identity online:

Keep in regular contact with your financial institution

If you are receiving emails from your financial institution and you’re not sure if they are genuine, contact your financial institution and ask them. Chances are, if emails from your bank or credit union relate to loans, refinancing, interest rates, mortgage or home loan rates or the like, they could very well be genuine.

If an email appears to be from your bank or credit union, but the email isn’t the same quality, uses misshapen or grainy images or is asking you to provide your member number and internet banking password from within the email, contact your bank or credit union immediately. They should be able to verify if the email was genuine or not.

Never open an email from someone you don’t recognise or click any links in an email that you suspect is fraudulent

Hackers and scammers can attempt to infiltrate your machine and steal your personal information by loading viruses on your device. Emails that contain such viruses usually ask you to click on links or provide your personal information as verification of your identity. Downloading attachments from these emails can also deliver the virus to your device, which can freeze your files or give the scammers remote access to your device.

If you receive an email from an unknown person or an institution that you don’t bank with, delete the email immediately and then delete it from your deleted items.

Never keep a copy of your PIN with your card (or anywhere)

It is important to keep your PIN safe and never to keep a copy of it in your wallet. Your PIN should never be shared with anyone, and it should be a number that you can easily remember without it being directly related to your birthdate, birth year or anything else easily identifiable by others.

Check your transactions regularly

It’s important to check your transactions or account statements regularly so you can pick up any potentially fraudulent transactions as soon as possible. Even transactions that appear to come from trusted companies like APPLE ITUNES AUSTRALIA can look authentic, but might be fake.

Our team is here to help

If you’d like any further tips or support with keeping your personal information safe with Bank Orange, follow us on social media, come along to our annual Stay Safe Forum or contact our Member Banking Specialists.