You need a password for just about everything these days. When you’ve got so many logins to remember it’s easy to fall back on the same old memorable words and phrases.

But, as tempting as it is, using your birthday or pet’s name just won’t cut it if you want to keep your account secure.

Here are our top tips for creating super-secure passwords.

Use 12 characters minimum

There are no set parameters about the ideal password length, but 12-14 characters is generally a good rule of thumb.

Include a mixture of numbers, symbols, capital letters and lower case letters

Sites don’t ask for convoluted passwords to be tedious – a mixture of different character types makes your password harder to crack for fraudsters’ software.

Don’t get personal

In the age of information, your birthdate, place of birth and cat’s name are all too easy to find online. Passwords based on key personal information are far easier to work out than passwords based on seemingly random words or phrases.

But, even if personal stats play no part in your passwords, it’s important to have as much control as possible over what information is accessible online.

Check the privacy settings on social accounts, read privacy policies on websites you frequent (particularly if you have a profile of some sort on them) and think twice before taking part in online surveys and quizzes that ask for access to your social media profiles.

Make it a strong one

When it comes to creating a password think outside the box and use an unusual combination of words (replacing letters with special characters and numbers which aren’t like the original letter).

For example, bLuesWan37?? fits all these requirements and would take a computer 63,000 years to crack. Two random words will give you a pretty strong password, but three is even better. [email protected] would take 380 quadrillion years of computer cracking time!

Check your password strength

If in doubt about the strength of your password, run it through a secure, reputable online checker. It will tell you how long your password would take to crack, giving you the opportunity to try out different combinations until you’ve got the Fort Knox of passwords. 

Use a variety of passwords

Creating these super secure passwords and having to remember confusing combinations makes it tempting to use one for multiple platforms – but in doing that you undo all the good of creating a secure password in the first place.

If a fraudster gets hold of a password for one account, they’ll be able to access many. Use a variety of passwords to guard against breaches and to minimise damage if one of your accounts is compromised.

Sharing is bad (when it comes to passwords)

Never, ever share your password with anyone. One of the issues with having complicated passwords is that people are tempted to write them down so they don’t forget them – resist that impulse and try to commit new passwords to memory.

You should also set a reminder to change your password frequently.

---

At Currencies Direct we will never ask for your password, and you shouldn’t share it with us even if it appears that we’ve asked you to.

If you have any concerns that your password is no longer secure, change it immediately.

Changing your password is simple, just follow this link.

Everyday web use could expose you to opportunistic fraudsters if you don’t take steps to protect yourself.

Here are some simple tips for keeping on top of computer, mobile and tablet security.

Keep your computer healthy

Make sure you have active anti-virus software, and that your software and applications are regularly updated (patches and updates often address security issues in programmes and applications).

The P-word

Make sure your home wi-fi is password-protected – and be sure to use our tips in the password security section to make it a strong one.

Forget me, forget me not

If you’re using a computer which isn’t yours don’t tick the ‘Remember me’ option, and make sure you log out once you’re finished.

Public safety announcement

When connecting to a public network (in a bar or café, for example), make sure it’s one you trust. We recommend not connecting to public access networks whenever possible as they’re often a target for cyber criminals. If you’re in any doubt when you’re out, it’s better to connect using mobile data than public wi-fi.

Additionally, if you’re logging in to secure sites in public check your surroundings thoroughly to make sure no one is looking over your shoulder.

Click bait

When generally browsing the web, be careful not to click on any suspicious looking links or pop-ups.

Typical fraudster tactics include offers of prizes, threats, urgency or even blackmail, with messages like ‘You’ve won £1000! Click here to claim’, ‘your computer is under attack! Click here...’, ‘do this or your account will be restricted…’, or ‘you’ve accessed illegal content, click here to avoid legal action…’

Select security information carefully

When setting ‘security information’ (like answers to security or forgotten password questions) always be aware that any information you’ve shared via social media (or other web resources) may well be accessible to hackers and fraudsters.

Where possible pick questions that only you are likely to know the answer to.

The genuine article

If you’re visiting our website always type the address directly into the search bar or select it from a web search, and make sure you’re checking for these signs of authenticity:

• Invalid security certificates popping up in your browser could be a warning that you’re visiting an untrustworthy site. Ours are always valid.
• Check the URL. Fraudsters try different spellings, characters and punctuation to take you to their ‘fake’ websites. That’s why we recommend navigating with the address bar or a trusted search engine.
• Check the address bar or links you hover over contain ‘https://’ – this means the site and links on the page are secure.
• Check the locked padlock symbol in the address bar, this indicates that the data shared between you and the site you’re using is encrypted and secure. Some fraudsters have wised up to this and use encryption, so check for all signs of authenticity when visiting a website.

 

Sending funds securely

When making an overseas payment you should always have confidence in the legitimacy of the recipient of your funds.

Verify your recipient’s information and the reason for transfer, and never be rushed or pushed into moving funds if you aren’t 100% comfortable with the payment.

We like to talk currency, and we like to make sure our customers have access to all the insights they need to make an informed decision about their currency transfers.

This means we send several different types of email communications to our customers, from daily market updates, to transactional emails and product updates.

You’ve got mail

If you receive an email from Currencies Direct give it a proper scan and make sure you’re confident it’s been sent by us before clicking any of the links within the email.

If there’s anything unusual about the communication or if you have any concerns at all, check with us by contacting your account manager directly or emailing [email protected].

Things to look out for:

• The branding/design looks different – While our style has changed over the years and will continue to evolve, certain characteristics (like our distinctive orange logo) should always be present.
• You’ve received two emails in quick succession giving you alternative instructions – please get in touch with us on the methods mentioned above if you receive conflicting communications.
• The email contains a request which seems out-of-the-norm – we never ask for personal details through an email, threaten to change your account if you don’t click on a link, or ask you to provide your login details.
• Poor spelling and grammar – we can’t guarantee we’ll never send the occasional typo (we’re only human!) but an email rife with spelling or grammatical errors is a sign that something’s not quite right.
• The tone of the email is different – we’re never pushy or threatening. Always take your time when reviewing a communication or acting on one, fraudsters often try to scare you into acting quickly.
• You don’t recognise the signature or the address the email’s been sent from – our sender’s addresses end in ‘@currenciesdirect.com’
• Links in the email direct you to unexpected places – our email links typically direct you to our own website. If you have any concerns we recommend that you manually type our web address into the search bar or log into our online service and app directly rather than clicking links within emails.
• Unusual attachments – strange instructions to open attachments or download software could be a fraudster trying to sneak malware onto your device
• You’re a winner – If you don’t remember entering a competition, the chances are you didn’t! If a communication claims you’ve won a prize for something you have no memory of don’t pursue it, contact your account manager or our customer service team and we can verify if the prize is genuine.

 

Finally, never ever click on email links or attachments unless you’re 100% sure the communication is from a trusted source.

If in doubt, check it out!

Nuisance phone calls or text messages are nothing new, but phone scams can often sound convincing, and fraudsters attempting to contact you over the phone can be persistent.

Never let the person at the end of the phone put you under pressure or make you feel forced into taking fast action, and follow these top tips to protect your phone and text security.

Before you answer a call

Most mobiles are good at highlighting spam calls, but fraudsters are also good at appearing genuine with caller IDs.

If you have any doubts about the number calling you put it through a search engine.

Alternatively, if you think a call is from us but you aren’t certain, check it against the number listed on the ‘Let’s talk’ section of our website.

Once you’ve picked up

No matter what, never give out your passwords or key security information over the phone. It doesn’t matter who the person on the end of the phone claims they are, if they ask for your password or ask you to type anything into your keypad hang up immediately.

Approach text messages with caution

We only send you SMS messages under specific circumstances – like your One Time Pin to activate your online account or notifications about rate alerts.

If you receive a text message asking you to reply with a password, to call an unfamiliar number, or to click on a link, ignore the message and contact your account manager or our customer services team for verification.

What to expect

Fraudsters prey on fear and clouding your judgement to get what they want. Some of the main tactics to be prepared for are:

• Creating panic – they send warnings about suspicious behaviour or indicate that ‘an unknown device has accessed your account’.
• Urgency – making you act fast means the fraudster avoids suspicion. Think twice if you’re instructed to ‘call urgently’ after ‘you’ve missed important calls’.
• Sounding helpful – using helpful, friendly or professional language to add credibility is another trick, don’t be drawn in.
• Following up a text with a phone call – again, fraudsters use this tactic to add credibility.

While all the measures outlined in our online security section can help you protect your activities from fraud, our online service and app also have several inbuilt features for added protection. 

Online service and app

• PIN entry – we’ll ask you to enter your PIN at crucial points in the transfer process (like adding a recipient or making a transfer). Never share this with anyone. Our staff will never ask you for this information.
• Transactional emails – we’ll send you an email confirming any transactions you make, so you’ll have a record of the latest activity on your account.
• Your activity – You can view your recent and historic activity within the app and our online service.
• You can also check all the devices that have accessed your account.

 

App only

• Passwordless login – we’ll send a magic link to the email address you registered with, allowing you to log in securely without the need for a password.
• Biometric authentication – depending on the handset you own, you can secure your app with touch or face ID.

For starters, always check that you’re using a bonafide firm to make your transfer – a company that’s well established, reputable, and authorised by the relevant authorities.

We were established in 1996 and are authorised by the Financial Conduct Authority (FCA) as an Electronic Money Institution (Firm Reference Number 900669).

If you need to transfer money to a recipient you don’t know well, you could be at greater risk of fraud. While it might seem like common sense, it can be easy to forget the basics.

So, before making any international transfers, always stop and consider whether any of the following questions apply.

• Do I really know this person? If I don’t, can I trust that they are who they say they are?
• Should I send money to show someone funds are available in my account?
• Why would I need to send money to claim an inheritance or win a prize draw?
• Why does my relative/friend/associate suddenly need money? Is their request for funds genuine?
• Am I 100% sure I should be sending money to someone I met online?
• Why am I paying for a tax I’ve never heard of before?
• Why do I need to transfer money to claim from an investment?

 

Additionally:

• Have you had a request to change bank details for an existing recipient? Check with the supplier verbally before making the change and sending your funds.
• For payments for bonds/investments, undertake due diligence on the regulated status of the investment.
• Follow advice from Action Fraud.

Whenever you make a transfer always bear in mind the three steps promoted by Take Five to Stop Fraud.

1. STOP - Take a moment to stop and think before parting with funds or personal information.
2. CHALLENGE - It’s fine to reject, refuse or ignore requests for funds – only criminals will try to rush or panic you.
3. PROTECT - Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.

 

If you have any doubts about the recipient of your funds or the reason you’re making your transfer, don’t make the transaction.