Username and password best practices

Username and password best practices


Unfortunately, data breaches are becoming more and more common. You’ve likely seen news reports about businesses being targeted by hackers who steal customer information including usernames and passwords. Information accessed through data breaches can be sold online for other criminals to use for different fraudulent activities. One such activity is credential stuffing, and it is on the rise.

What is credential stuffing?

In a credential stuffing attack, criminals use usernames and passwords leaked in data breaches to try to gain access to online accounts. Businesses of all types are targeted for credential stuffing attacks, including retailers, banks and finance companies. Credential stuffing attacks are attractive forms of identity theft because people often use the same usernames and passwords across multiple sites and applications. Doing this puts them at greater risk of becoming a victim of this crime.

How to protect yourself

One of the best ways to protect your accounts and personal information from fraud attempts like credential stuffing is to follow best practices when establishing usernames and passwords for the different websites and applications that you use. These practices include:

  1. Avoid reusing usernames and passwords for multiple sites.
  2. Avoid using your email address as a username.
  3. Consider making your usernames and passwords longer, and include capital letters, special characters and combinations of letters and numbers to make them more difficult for criminals to guess.
  4. Never provide a username or password over an unsolicited phone call or in reply to an email. Fidelity Bank will never ask for your credentials via email.

How we are keeping your information secure

We are committed to providing secure online and mobile banking experiences. For your protection we employ an overlapping set of defense technologies to combat fraud attempts like credential stuffing. We have multi-factor authentication login processes in place for all attempts to access online and mobile banking accounts from different, unauthorized devices. In the event of attempts to access your account with invalid passwords, we will alert you by email. If you receive this alert, please consider changing your username and password.

Being aware of the different types of threats and scams that exists is another way to stay safe. Visit our security center for resources related to identity theft, phishing, spyware, viruses and more. If you believe you are the victim of fraud, please contact a member of our customer care team at 1.800.658.1637.