To continue enjoying all the features of Navy Federal Online, please use a compatible browser. You can confirm your browser capability here.

Bottom Line Up Front 

  • Don’t use the same password for all your accounts.
  • Weak or unprotected passwords continue to be a top cause of security breaches.
  • Use two-factor authentication for an extra layer of protection.
  • Consider a password manager to help you maintain security

Scammer and hacker attacks continue to have damaging effects on consumers and businesses. One thing that’s clear is that their getting access to passwords is still a top cause of these security breaches. The good news is that having a strong password can be the first step in outsmarting the bad guys and minimizing your risk.

Create Unique Usernames and Passwords

Most of us sign in to multiple websites—for both business and personal needs—which makes it challenging to remember the usernames and passwords for each one. While some people think a solution is to use the same one for all their accounts, that’s unwise. We can’t stress this enough—it’s important to have a different username and password for every account you have. Why? One reason noted by Norton security advisors is that by using the same password for all your accounts, if one is breached, all others are at risk.

Check Your Passwords’ Strength

Many websites will measure the strength of your password at the time you create it. If the site you’re using doesn’t, there are a number of online password strength checkers and random password generators you can use to help you build a strong password.

Increase Your Current Passwords’ Strength

If you determine your current passwords aren’t strong enough, it’s simple enough to change them. Some tips for increasing password strength include:


  • Create a username between 6 and 32 characters
  • Include at least one letter and one number
  • Don’t use part of your email address, Social Security Number, birthday, account or access numbers


  • Create a password between 8 and 32 characters
  • Include at least one number, at least one letter, at least one capital letter and at least one special character (e.g., %, &, #)
  • Consider using a mnemonic sentence—the longer, the better (e.g., “My loving but crazy friend Kate has over 12 cats.” could become “MlbcfKho12c”). It looks random, but it’s easier to remember. Then, for added security, replace some letters with numbers and/or special characters (e.g., M1bcfKh012c!).

Don’t use these for your password:

  • Part of your email address
  • Social Security Number
  • Birthday
  • Pet name
  • Family names
  • Account or access numbers
  • Dictionary words (Lots of people still use “password.” It’s the easiest to hack.)
    Keep in mind that longer usernames and passwords are far more difficult to crack.

Use Two-Factor Authentication

More and more apps and sites, including Navy Federal, offer two-factor authentication (2FA). It’s an extra layer of security that double-checks your identity before giving access to your account. Most often, 2FA will require a password plus another form of identification, such as a unique code sent by text.

Safeguard Your Passwords

Two final and very important points regarding strong passwords and security:

Never Share Your Password or 2FA Code. Believe it or not, some people do share their passwords, either on purpose or accidentally. In fact, a survey of IT and security managers conducted by Enterprise Management Associates (EMA) revealed that nearly a third of respondents said they experienced a breach because users shared credentials with an unauthorized person. Another 28 percent said they had a breach when users shared information in a phishing attack.

Be aware, fraudsters have begun trying to trick people into giving out 2FA codes by impersonating their financial institutions. Never give the code to someone who calls and asks you for it.

Don’t Store Passwords on Electronic Devices. If you store personal information on electronic devices, especially passwords and account sign-in details or financial data, you’ve increased your risk if your device is lost or stolen. That information can be used by anyone in possession of the device to gain access to your accounts. Instead of storing them on electronic devices, find a more secure way to save the information like writing them down and storing them in a lock box or using a password manager.

Password managers, like LastPass and 1Password, can help you keep track of your passwords, but there are pros and cons. For example, although you’d no longer need to remember multiple user names and passwords, you’d still need to remember the username and password to that site. Plus, if the site were to be breached by hackers, it would open all your accounts to them. Before you decide whether one would work for you, do a little research on their security and compare features, benefits and cost.

More Security Essentials

If you’re interested in learning more security essentials, visit our Navy Federal Credit Union Security Center for articles, tips and resources.


This article is intended to provide general information and shouldn't be considered legal, tax or financial advice. It's always a good idea to consult a tax or financial advisor for specific information on how certain laws apply to your situation and about your individual financial situation.