Starting 7th April 2024, QBE Qnect password standards are changing to help QBE stay secure and to comply with regulations. Strong passwords are the first line of defence against unauthorized access to your account and retrieval of your sensitive or personal information.
- All Qnect users are required to set a password with minimum 14 characters (with a mix of uppercase/lowercase/numeric digits/special characters), instead of the current minimum 8 characters.
- You will be prompted to change your password during your first Qnect login on/after 7th April 2024.
- Password duration has been increased to 180 days, after which you will be prompted to change your password again.
- There is no change to the 6-digit token format used for login authentication.
Why are QBE Password Standards changing?
Hacking tools are getting more sophisticated, so a password with 8 characters + 2FA is no longer strong enough to resist a determined hacking attempt.
The graph below shows how using a long and more complex password can dramatically increase the time it takes for a hacker to work out your password using brute force decryption methods:
However, if your password is long but simple (e.g. Password@12345), it is still vulnerable to other decryption methods like the Dictionary Attack:
The Cyber Security Agency of Singapore (CSA) has therefore provided the following tips for creating a strong password (see full article here):
- It contains at least 12 characters.
- It comprises at least three characters from the following categories: uppercase letters, lowercase letters, numbers, or symbols.
- It is random and does not have an obvious pattern (i.e. replacing a letter with a number or symbol, e.g. P@ssw0rd).
- It does not contain any personal information (e.g. name, NRIC, birthdate)
- It is easy for you to remember but difficult for others to guess.