Password Security and Guidelines

Bryan Stow
May 22, 2024

Passwords are the keys to our environment, much like the front door of your house: if they are too easy to get through, someone will eventually take advantage of it.

To best protect the bank and our customers’ information, we all need to follow a few relatively simple guidelines.

1. Change your passwords regularly.

Farmers State Bank requires you to change your Windows Authentication password every 90 days. As a good habit, you should change any other account passwords you use at the same time. Many sites do not require you to change your passwords at all, which should make you question how secure they are.

2. Password complexity.

The first line of defense is to make your password complex. Hackers routinely use what are called Dictionary Attacks to crack passwords: tools that quickly test candidate passwords against lists of standard dictionary words. One way to make your password complex is to mix upper- and lower-case letters with numbers and special characters. This, however, can make it difficult to remember. Another method is to use a Passphrase: several words joined together with numbers and special characters into a pattern that is easy for you to remember but difficult to crack.

The Passphrase is the preferred method, as it is easy to remember and difficult to crack.

FSB Password requirements follow the Microsoft complexity rules:

• Passwords change every 90 days.

• Minimum length is 10 characters, containing 3 of the following:

  • Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters).

  • Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters).

  • Base 10 digits (0 through 9).

  • Non-alphanumeric characters (special characters): '-!"#$%&()*,./:;?@[]^_`{|}~+<=>

  • Any Unicode character that's categorized as an alphabetic character but isn't uppercase or lowercase. This group includes Unicode characters from Asian languages.

Once a password is changed it cannot be changed again for 14 days unless IT forces a reset.

3. Passwords to avoid.

• Dictionary words on their own.

• Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).

• Context-specific words, such as the name of the service, the name of the bank, the username, or simple variations of those.
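The complexity rules in section 2 and the "passwords to avoid" list above can be checked mechanically. The following is an added example (not a tool the bank or Microsoft ships) that implements those rules as written on this page; the run length of 4 used to flag repetitive or sequential characters, and the `context_words` list, are assumptions for illustration.

```python
import unicodedata

# Special characters exactly as listed in the complexity rules above.
SPECIALS = set("'-!\"#$%&()*,./:;?@[]^_`{|}~+<=>")


def categories(password: str) -> set:
    """Return which of the five complexity categories the password uses."""
    found = set()
    for ch in password:
        cat = unicodedata.category(ch)
        if cat == "Lu":                      # uppercase letters, incl. diacritics, Greek, Cyrillic
            found.add("upper")
        elif cat == "Ll":                    # lowercase letters, incl. sharp-s
            found.add("lower")
        elif ch in "0123456789":             # base 10 digits only
            found.add("digit")
        elif cat.startswith("L"):            # Lo/Lt/Lm: alphabetic but neither upper nor lower (e.g. CJK)
            found.add("other_alpha")
        elif ch in SPECIALS:
            found.add("special")
    return found


def has_run(password: str, length: int = 4) -> bool:
    """True if any window of `length` chars is all identical or strictly consecutive
    code points, ascending or descending (e.g. 'aaaa', '1234', 'dcba').  Window size
    of 4 is an assumed threshold; the policy gives no exact number."""
    for i in range(len(password) - length + 1):
        codes = [ord(c) for c in password[i:i + length]]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs in ({0}, {1}, {-1}):
            return True
    return False


def check_password(password: str, context_words=()) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 10:
        problems.append("fewer than 10 characters")
    if len(categories(password)) < 3:
        problems.append("fewer than 3 character categories")
    if has_run(password):
        problems.append("repetitive or sequential characters")
    lowered = password.casefold()
    for word in context_words:               # bank name, service name, username, etc.
        if word.casefold() in lowered:
            problems.append(f"contains context-specific word {word!r}")
    return problems


if __name__ == "__main__":
    print(check_password("FarmersBank2024!", context_words=["Farmers", "bstow"]))
```

Note that this checks only the rules stated on this page; it does not test against dictionary word lists, which is what the quarterly cracking run covers.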

4. Unique passwords for each service.

The uniqueness of your passwords is extremely important to your security. Websites are sometimes breached, and the stolen login credentials are usually resold. Hackers then try those same credentials on other sites to get into your other accounts and take hold of all your data. For these reasons, it is recommended that you use a unique password / passphrase for each account that you access.

5. Use a password manager.

One way to keep track of multiple passwords / passphrases is to use a password manager program. It is a secure place to save authentication information and links to sites or applications. Farmers State Bank uses the KeePass password manager. If you are not currently using this, please submit a ticket and IT will assist you with the setup.

6. Never send a password by email, instant message, or any other means of communication that is not reliably secure.

Quarterly Testing:

To better secure our environment, IT regularly runs a password cracking tool against all internal accounts used by staff. If we can crack your password in less than 12 hours, we will contact you to discuss making the password stronger and will have you change it.

To test passwords / passphrases and see how long it would take to crack them, go to the following site and enter a few that you think would be good. The results may surprise you.

https://www.useapassphrase.com/

Remember: Never reveal or share your passwords or door access codes with anyone, including members of IT.
