Top of main content
Lock and card above the keyboard; image used for HSBC Malaysia Amanah password article page.

How to create a strong password

You probably have dozens of usernames and passwords, for everything from checking your water bill to connecting to your home Wi-Fi. Of all of them, the passwords you choose for online and mobile banking are possibly the most important.

Hackers are constantly upping their game with ever more sophisticated ways of getting your information.. But choosing a strong password – and updating it regularly – will go a long way toward protecting your information, which in turn will protect your finances.

Tips to strengthen your password

The strongest password you can choose won’t be a normal word or phrase. It will be a (seemingly) random combination of letters (both upper and lower case), numbers and symbols. It will look like gibberish, but it can still have a special meaning for you so you can easily remember it.

Choose something you love, but don’t make it obvious. If you choose a password like “Friends” because that’s your favourite TV show, hackers might be able guess it by looking at your social media feeds. But you could use “6fadc@CP” because it will be easy for you to remember that the “six friends always drink coffee at Central Perk”.

Same thing if you love classic rock: “RollingStones” would be a weak password. But “Icgns!65” would be good one because you’ll remember that the song (I Can’t Get No) Satisfaction came out in 1965.

Smart Tips

  • Choose a unique password for online and mobile banking and don’t use it for anything else
  • Regularly update your password once a month
  • Log out of websites and devices when you are finished using them
  • Use a combination of letters (upper & lower case), numbers and symbols


  • Use anything that would be easy to work out with a little background knowledge: your username, actual name, name of family members, pets, favourite football teams, birthday etc.
  • Use the word ‘password’, numerical sequences (for example 12345), easily recognised keypad patterns (“14780”, “qwerty”, etc) or a single commonplace dictionary word that could be cracked by common hacking programs
  • Write your passwords down or share them with anyone
  • Use the same user ID and password of your online banking for other online services

Remember: no HSBC employee will ever ask you for your password or OTP (One-Time-Password). If you receive a call or email from someone claiming to be an HSBC employee, government official or even a member of law enforcement and they ask you for your password, ignore the call and contact us immediately.

Listening to what you have to say about services matters to us. It's easy to share your ideas, stay informed and join the conversation.