Password best practices are key to minimizing risk. Technology providers have different opinions when it comes to password complexity. In fact, leading technology providers are pushing FIDO2 technology, which is anti-hammering and, like the new Microsoft Windows Hello, does not allow the private keys to be extracted from the FIDO2 device.
Whether or not a company uses two-factor authentication, a strong password is recommended. Here are some password tips.
Pick a length; we'd suggest at least 11 characters. Your password policy should be mentioned in your employee documents.
Non-dictionary words are the best, and phrases with non-dictionary words are more secure. These non-dictionary words should be used with other complex characters.
The more complex the better. Use characters like !@#$ and numbers; every complex character reduces the chance of being compromised.
Your passwords are never to be shared. If you feel you've been compromised, change your password immediately.
Banking and Non-Banking Passwords are not equal
Banking and non-banking passwords should never be shared or the same. The idea is that if a hacker were to compromise your online or social media password, it wouldn't work with your banking, credit card, or online merchant accounts.
The Two Password Approach
Some use a two-password method: one password for banking accounts and one for non-banking. This technique is nice because you only have to remember two passwords. Where it doesn't work as well is when passwords are required to be changed periodically.