Password Security

We take the security of our customers' personal and financial data very seriously, and we help them do the same.




Here's how we grade the level of security on passwords.


Either too short (fewer than 6 characters), single-case letters only, or digits only.


At least 5 characters, one strong condition met (>= 8 characters with 1 or more upper-case letters, lower-case letters, digits & special characters).


At least 5 characters, two strong conditions met (>= 8 characters with 1 or more upper-case letters, lower-case letters, digits & special characters).


At least 8 characters, three strong conditions met (>= 8 characters with 1 or more upper-case letters, lower-case letters, digits & special characters).





Use the guidelines below for creating a password that's both secure and easy to remember.


  • Use a password with a mix of at least six mixed-case alphabetic characters, numerals and special characters.
  • Use a password that is difficult to guess but easy for you to remember, so you do not have to write it down.
  • Use a password that you can type quickly, without having to look at the keyboard, thereby preventing passers-by from seeing what you are typing.
  • Change your password frequently, at least once every 90 days.
  • Change the default or initial password the first time you log in.
  • Adopt a strong authentication mechanism, such as two-factor authentication, for user accounts that handle sensitive data.
  • Use different passwords for different accounts, in particular those for handling private and sensitive data.
  • Change your password immediately if you believe that it has been compromised. Once done, notify the system/security administrator for follow-up action.
  • Log off when finished using terminals or PCs in public areas, such as a library or cafe.



  • Don't use your own name as a login name in any form (as-is, reversed, capitalised, doubled, etc).
  • Don't use the name of your spouse or child in any form.
  • Don't use other information that might be easily obtained about you. This includes ID card numbers, license numbers, telephone numbers, birth dates, the name of the street you live on, and so on.
  • Don't use a password that contains all digits, or all the same letters.
  • Don't use consecutive letters or numbers like "abcdefgh" or "23456789".
  • Don't use adjacent keys on the keyboard like "qwertyui".
  • Don't use a word that can be found in an English or foreign language dictionary.
  • Don't use a word in reverse that can be found in an English or foreign language dictionary.
  • Don't use a well-known abbreviation e.g. HKSAR, HKMA, MTR.
  • Don't reuse recently used passwords.
  • Don't use the same password for everything; have one password for non-critical activities and another for sensitive or critical activities.
  • Don't write down your password, particularly anywhere near your computer, and don't file it in a box file with the word 'password' written on it.
  • Don't tell or give out your passwords to other people, even for a very good reason.
  • Don't display your password on the monitor.
  • Don't send your password unencrypted, especially via email.
  • Avoid using the "remember your password" feature associated with some websites, and disable this feature in your browser software.
  • Don't store your password on any media unless it is protected from unauthorised access (e.g. encrypted with an approved encryption method).
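
Several of the rules above can be checked automatically when a password is set. The following is an added example, not this site's own code: the function names, the tiny constructed word list and the minimum run length of 4 are assumptions, and a real check would load a full dictionary.

```python
import re

# Constructed sample data; a real deployment would load a full word list.
SAMPLE_WORDS = {"password", "dragon", "welcome", "sunshine"}
SAMPLE_ABBREVIATIONS = {"hksar", "hkma", "mtr"}  # the examples named on this page
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ORDERED_RUNS = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]


def _has_run(text, sequences, min_len):
    """True if text contains min_len consecutive characters of any sequence,
    in forward or reverse order."""
    for seq in sequences:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_len + 1):
                if s[i:i + min_len] in text:
                    return True
    return False


def check_password(password, login_name="", min_run=4):
    """Return the list of guideline violations found (empty list = none)."""
    pw = password.lower()  # case changes do not hide a name or word
    problems = []
    if pw.isdigit():
        problems.append("all digits")
    if len(set(pw)) == 1:
        problems.append("all the same character")
    if _has_run(pw, ORDERED_RUNS, min_run):
        problems.append("consecutive letters or numbers")
    if _has_run(pw, KEYBOARD_ROWS, min_run):
        problems.append("adjacent keyboard keys")
    # Strip digits and symbols so "Drowssap1" is still seen as a reversed word.
    letters = re.sub(r"[^a-z]", "", pw)
    if letters in SAMPLE_WORDS or letters[::-1] in SAMPLE_WORDS:
        problems.append("dictionary word (forward or reversed)")
    if letters in SAMPLE_ABBREVIATIONS:
        problems.append("well-known abbreviation")
    name = login_name.lower()
    # Substring match also covers the name doubled or padded with extras.
    if name and (name in pw or name[::-1] in pw):
        problems.append("contains login name")
    return problems
```

An empty result only means none of these particular rules fired; it does not by itself make a password strong.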



Have questions?

Contact us to get answers. We're always glad to help.