Protect your accounts from hackers

User accounts store your personal information. If accounts are stolen by hackers, personal information would be leaked and the accounts could be used for illegal activities, result in financial loss and reputational damage.


  1. Use a strong password with combination of at least 8 characters including upper and lower case letters, numbers and special characters.
  2. Avoid using a password which is easy to guess. Examples are:
    • Name of you or your family members
    • Same digits or letters only
    • Consecutive letters or number, e.g. "abcdef", "123456", etc.
    • Adjacent keys on the keyboard, e.g. "qwerty"
    • A word or its reverse that can be found in dictionary, e.g. "password";
    • Personal data such as birth dates, ID card numbers, telephone numbers and so on.
  3. Consider using a long passphrase containing multiple words or phrases.
  4. Consider enabling multi-factor authentication with strong authentication mechanism, e.g. security token, app-generated one-time password, etc.
  5. Change password after initial login and in regular intervals, for example, every 90 days, and do not reuse recently used passwords.
  6. Do not store your password on any media or write down in a paper unless it is well protected from unauthorised access.
  7. Do not share a password with other people.
  8. Use different passwords for different accounts, especially accounts for handling sensitive information.
  9. Log out after using a service, especially in shared devices.
  10. Disable the auto-complete function and the “remember password” feature of your browser.
  11. Avoid performing any login with password when using public computer.
Password Management