
Published October 23, 2025
How to create strong, secure passwords, from our Corporate Security Officer
To help you protect your digital life, we asked Dan Cardi, CBNA’s Vice President and Corporate Security Officer, to share his top strategies. Dan leads CBNA’s security program and has years of experience safeguarding customers against fraud and cyber threats.
Why strong passwords matter in 2025
Your passwords are no longer just the key to your email. They’re the gatekeeper to your bank accounts, investments, identity, and personal data.
What’s changed?
- Credential stuffing: After one service has a data breach, attackers take the stolen credentials and try them on other, unrelated services. These attacks are now AI-powered, making it easier for hackers to automate logins using stolen login information.
- Brute-force tools: These tools crack passwords by trying every possible combination, like a thief breaking into a safe by trying all the numbers on the lock. Thanks to AI, they’ve evolved to guess millions of password combinations per second.
- Phishing scams: They’re smarter now, using deepfakes, fraudulent banking apps, and social engineering tactics that feel eerily personal.
One weak password, reused across accounts, can lead to multiple breaches and a full-blown identity crisis. That means cybersecurity is now personal finance protection.
8 expert-backed password security tips
1. Use long, unique passphrases
Want to know how to create strong passwords that are both safe and memorable? Swap out short passwords for longer passphrases.
For example: “WeHikeAtSunrise_2025!” is more secure than “Sunrise123.”
These tips combine best practices in online banking security, password manager use, and multi-factor authentication (plus our own secure app features).
Strong passphrases:
- Are longer than 12 characters
- Contain symbols and a mix of uppercase and lowercase letters
- Are hard to crack and easy to remember
A passphrase is like a sentence that’s easy for you to recall but harder for a bot to guess.
2. Avoid using personal information
Your kid’s name + birth year = a fraud jackpot. It’s now best practice to avoid:
- Names
- Birthdays
- Pets
- Street addresses
- Favorite teams
Social media makes any of this info easy to find. Add AI and it’s readily available to the first scanner that comes along.
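The checks from tips 1 and 2 can be automated. The following is an added example, not code from CBNA or the original article: it tests a candidate for length, mixed case, a symbol, and embedded personal details, including simple character substitutions. The profile values (`PERSONAL_TERMS`, `BIRTH_YEARS`) and the third test password are constructed for illustration.

```python
import re

# Leetspeak substitutions are undone first, so "Emm@" still matches "Emma".
LEET = str.maketrans("0134@$57", "oieaasst")

def check_passphrase(candidate, personal_terms, birth_years):
    """Return the list of problems found; an empty list means all checks pass."""
    problems = []
    if len(candidate) <= 12:
        problems.append("12 characters or fewer")
    if not (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)):
        problems.append("no mix of upper and lower case")
    if all(c.isalnum() for c in candidate):
        problems.append("no symbol")

    lowered = candidate.lower()
    normalized = lowered.translate(LEET)
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and (t in lowered or t in normalized):
            problems.append(f"contains personal detail: {term}")

    # Compare whole digit runs so "2025" is not flagged for a birth year of 2002.
    digit_runs = re.findall(r"\d+", candidate)
    for year in birth_years:
        if year in digit_runs or year[-2:] in digit_runs:
            problems.append(f"contains birth year: {year}")
    return problems

# Constructed profile for illustration (not real data).
PERSONAL_TERMS = ["Emma", "Biscuit", "Maple"]
BIRTH_YEARS = ["2014"]

if __name__ == "__main__":
    for pw in ["WeHikeAtSunrise_2025!", "Sunrise123", "Emm@2014Biscuit"]:
        print(pw, "->", check_passphrase(pw, PERSONAL_TERMS, BIRTH_YEARS) or "ok")
```

A password that passes these checks can still be weak if it is reused or already exposed in a breach, which is why the later tips still apply.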
3. Use a password manager
If you’re still reusing the same credentials across multiple accounts, it’s time to switch things up.
A different password for each service is the most secure approach, and there are tools that can help you keep track of each one. Trusted password managers like 1Password will:
- Auto-generate complex, unique logins
- Store everything securely
- Alert you to breaches
- Work across all your devices
“Change passwords often and don’t use the same ones for different applications. That simple step goes a long way toward keeping your accounts safe.” —Dan Cardi, SVP, Community Bank
4. Enable two-factor authentication (2FA)
2FA can help keep an account protected even when its password is weak or exposed in a data breach. But not all 2FA is created equal. Hardware tokens are considered the most secure, followed by authenticator apps (also known as soft tokens).
For everyday use, authenticator apps are the most convenient, cost-effective option. Try to use them instead of text-message 2FA, which can be hijacked in SIM scams.
5. Turn on biometric login
Our mobile app supports:
- Face ID
- Fingerprint logins
- App-specific passcodes
- 2FA-enabled authentication flows
Biometrics add a physical layer of security that passwords alone don’t cover.
6. Monitor for breaches
Your email or password could already be exposed and you wouldn’t even know it.
Trusted websites like HaveIBeenPwned.com help you see if your credentials have been compromised in a data breach.
If flagged, immediately:
- Change the compromised login
- Activate 2FA
- Scan other accounts for suspicious activity
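A password can be checked against breach data without ever sending the password itself. The following is an added example, not code from CBNA or the original article, of the hash-prefix lookup used by Have I Been Pwned's Pwned Passwords range service: only the first five characters of the SHA-1 hash leave the device. The `constructed_lookup` function and its counts are made-up stand-ins for the network call so the example runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password and split it into the 5-char prefix that is sent
    to the service and the 35-char suffix that stays on the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_lookup):
    """Return how many times the password appears in breach data (0 if none).

    range_lookup(prefix) must return the service's text response: one
    'SUFFIX:COUNT' line per breached hash that starts with that prefix.
    """
    prefix, suffix = split_hash(password)
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

SENT_PREFIXES = []  # records everything that would have gone over the network

def constructed_lookup(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    The breach counts below are constructed, not real service data."""
    SENT_PREFIXES.append(prefix)
    constructed_breaches = {"Sunrise123": 4210}
    lines = ["0" * 35 + ":3"]  # decoy entry sharing the same prefix
    for pw, count in constructed_breaches.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ["Sunrise123", "WeHikeAtSunrise_2025!"]:
        print(pw, "->", breach_count(pw, constructed_lookup))
    print("sent over the wire:", SENT_PREFIXES)
```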
7. Watch for phishing and fake apps
One of the biggest threats to passwords is fraudulent emails, texts, and mobile apps. Look out for common warning signs, like:
- Texts from unknown numbers asking you to click a link
- Emails with “urgent account issues” (these will lead to fake login screens)
- App store downloads that look similar but not exactly right
Always log in to official apps only, never through third-party links.
“Imposter scams can happen by phone, text, email, social media, and chat. These bad actors can impersonate just about anyone—from an IRS auditor to a utility company representative. And phishing emails require extra vigilance. I’m a security professional and even I’ve been impressed by how authentic they can appear, right down to the correct company logo.”
—Dan Cardi, SVP, Community Bank
8. Secure your devices and connections
Even the best password can’t protect you on a compromised device.
- Use strong phone passcodes
- Keep software and apps updated
- Avoid public Wi-Fi for banking unless using a VPN
- Never store passwords in your Notes app or an unprotected browser vault
“Avoid public Wi-Fi and USB charging stations. It’s one of the simplest ways to keep your accounts protected.”
—Dan Cardi, SVP, Community Bank
Security starts with smarter habits
Strong passwords are a smart way to keep what matters safe. Let’s recap:
- Use long, unique passphrases, avoiding personal info
- Vary passwords across accounts, keeping track with a password manager
- Enable 2FA (preferably via an app) and biometrics
- Leverage CBNA’s secure mobile tools
- Monitor for breaches and act fast if you’re exposed
And remember, mobile banking in 2025 is more secure than you think. Our app is built to make managing your money easy and safe, anytime and anywhere.
Enroll in online banking today with our trusted service and see what we mean.
Explore our Financial Literacy Hub and our blog for content that helps you make money decisions confidently.


