Password Best Practices

Your password is the primary defense for your Balance account and financial data. This comprehensive guide will help you create and maintain secure passwords.

Why Strong Passwords Matter

Your Password Protects

• Financial transactions - Your spending and income data
• Bank connections - Access to your linked accounts
• Personal information - Name, email, profile data
• Budget details - Your financial planning
• Partner data - If budgeting with a partner

Weak Passwords Lead To

• Account takeover - Attacker logs in as you
• Data theft - Financial information exposed
• Identity fraud - Personal info used for fraud
• Financial loss - Budgets manipulated, data sold
• Privacy breach - Transactions and habits exposed

A strong password is your first line of defense against these threats.

What Makes a Strong Password?

Balance Password Requirements

Balance requires passwords with:

• ✅ Minimum 8 characters - Longer is better
• ✅ At least one uppercase letter (A-Z)
• ✅ At least one lowercase letter (a-z)
• ✅ At least one special character (!@#$%^&*()_+-=[]{}|;:,.<>?)

Recommended: Go Beyond Minimum

For maximum security:

• 🌟 12+ characters - Exponentially harder to crack
• 🌟 Mix of all character types - Letters, numbers, symbols
• 🌟 Unique to Balance - Don’t reuse from other sites
• 🌟 Memorable but unpredictable - Easy for you, hard to guess
• 🌟 No personal information - Not based on your life

Creating a Strong Password

Method 1: Passphrase

Use multiple random words together:

Examples:

• CorrectHorseBatteryStaple!123
• BlueMoon&CoffeeTable$99
• OceanBreezeTreeHouse#2024
• PizzaNight-WednesdayBlue!

Why this works:

• Easy to remember
• Hard to guess
• Long enough to be secure
• Can add numbers/symbols

How to create:

1. Choose 3-4 random words
2. Combine them
3. Add capital letters (start of words or random)
4. Add numbers and special characters
5. Make it at least 12 characters

Method 2: Modified Sentence

Take a memorable sentence and transform it:

Sentence: “I met my spouse in San Francisco in 2018”

Password: ImMsInSF!n2018

How it works:

• First letter of each word
• Mix of upper and lowercase
• Numbers from the sentence
• Add special characters

More examples:

• “My dog Rex loves walks at 7am” → MdRlWa7am!
• “Balance helps me save $500 monthly” → BhmS$500m!
• “Coffee costs $5 but worth it!” → Cc$5bw1!

Method 3: Random Character String

For maximum security (requires password manager):

Examples:

• kT9$mPx2#vLq!nZ8
• jR3@wK7&fN5*pY1
• dC6^mX9!bH4$rG2

Benefits:

• Most secure
• Truly random
• Impossible to guess

Downside:

• Must use password manager
• Can’t remember it

Password Strength Examples

❌ Weak Passwords (NEVER USE)

• password - Too common
• 123456 - Sequential numbers
• Balance2024 - Predictable
• johnsmith - Based on name
• qwerty - Keyboard pattern
• password123 - Common with simple addition
• letmein - Dictionary word

Why weak:

• In common password lists
• First passwords attackers try
• Easily guessed
• Quickly cracked by computers

⚠️ Medium Passwords (AVOID)

• Balance@2024 - Predictable pattern
• MyBudget123! - Common phrase
• JohnSmith2024! - Personal info
• Summer2024! - Seasonal + year

Problems:

• Still guessable
• Pattern-based
• Personal information
• Common substitutions

✅ Strong Passwords (GOOD)

• BlueMoon&Coffee$99 - Random words + symbols + numbers
• ImMsInSF!n2018 - Sentence-based, transformed
• TreeHouse#Ocean2024! - Random combination
• kT9$mPx2#vLq!nZ8 - True random (needs password manager)

Why strong:

• Long (12+ characters)
• Mixed character types
• No predictable patterns
• Not based on personal info
• Unique combinations

What to Avoid

Never Use

• ❌ Personal information

  • Your name, birthday, address
  • Partner’s name
  • Pet names
  • Phone numbers
  • Social security number

• ❌ Predictable patterns

  • Sequential (123456, abcdef)
  • Keyboard patterns (qwerty, asdfgh)
  • Repeated characters (aaaaaa, 111111)
  • Simple substitutions (p@ssw0rd)

• ❌ Common passwords

  • password, welcome, admin
  • monkey, dragon, master
  • iloveyou, sunshine
  • princess, football

• ❌ Short passwords

  • Under 8 characters
  • Even if complex

• ❌ Dictionary words

  • Single words (even with numbers)
  • Words from any language
  • Common phrases

Dangerous Password Habits

• ❌ Reusing passwords - Same password on multiple sites
• ❌ Minor variations - Slightly changing reused password
• ❌ Sharing passwords - Giving password to others
• ❌ Writing passwords down insecurely
• ❌ Saving in plain text - In notes, documents
• ❌ Auto-saving in browser on shared devices
• ❌ Never changing - Using same password for years

Password Management

Using a Password Manager

What is a password manager?

• App that stores all your passwords
• Encrypts them with a master password
• Generates strong random passwords
• Fills passwords automatically
• Syncs across devices

Popular password managers:

• 1Password - User-friendly, family plans
• Bitwarden - Open source, affordable
• LastPass - Free tier available
• Dashlane - Good free version
• Apple Keychain - Built into iOS/macOS
• Google Password Manager - Built into Chrome

Benefits:

• Remember one strong master password
• Use unique password for every site
• Generate truly random passwords
• Encrypted storage
• Automatic filling
• Password strength analysis
• Breach monitoring

How to Use a Password Manager with Balance

1. Install password manager - Download app or browser extension
2. Create strong master password - This one you must remember!
3. Generate Balance password - Let manager create random password
4. Save in manager - Store Balance credentials
5. Log in - Manager auto-fills your password
6. Use on all devices - Sync keeps passwords available

Master password tips:

• Make it long (20+ characters)
• Use the passphrase method
• Write it down (keep somewhere secure)
• Never share it
• This is the ONE password you must remember

Without a Password Manager

If not using a password manager:

1. Create strong unique password using methods above
2. Write it down - On paper only
3. Store securely - Locked drawer, safe
4. Don’t carry with you - Leave at home
5. Consider password manager - Much more secure!

Better alternative: At minimum use browser password manager, though dedicated password managers are more secure.

Keeping Passwords Secure

Best Practices

Do:

• ✅ Use unique password for each account
• ✅ Change if compromised immediately
• ✅ Use password manager for complex passwords
• ✅ Enable biometric login (mobile apps)
• ✅ Check for breaches - haveibeenpwned.com
• ✅ Update periodically - Every 6-12 months
• ✅ Log out on shared devices

Don’t:

• ❌ Share passwords - Not even with your partner
• ❌ Email passwords - Never send via email
• ❌ Text passwords - Not via SMS either
• ❌ Save on shared devices - Don’t auto-save in browser
• ❌ Use public Wi-Fi without VPN
• ❌ Ignore password warnings - Take breach alerts seriously
• ❌ Reuse old passwords - Create new ones

Recognizing Phishing

Legitimate Balance will NEVER:

• ❌ Ask for your password via email
• ❌ Ask for your password via phone
• ❌ Ask for your password via SMS
• ❌ Send unsolicited password reset links
• ❌ Create urgency to change password immediately

If you receive suspicious communication:

1. Don’t click any links
2. Don’t provide your password
3. Go directly to balancebudget.app (type URL)
4. Log in normally
5. Contact support@balancebudget.app

Learn more about phishing →

When to Change Your Password

Change Immediately If:

• 🚨 Suspected compromise - Think someone accessed your account
• 🚨 Shared accidentally - Gave password to someone
• 🚨 Phishing attempt - Entered password on fake site
• 🚨 Data breach - Another site where you used same password breached
• 🚨 Suspicious activity - Unexplained changes in account
• 🚨 Public device - Entered password on public/shared computer

Change Periodically:

• 🗓️ Every 6 months - Good security practice
• 🗓️ Every year minimum - At least annually
• 🗓️ After relationship changes - If partner had access
• 🗓️ After employee departure - If shared with hired help

DON’T Change:

• ❌ Too frequently - Not every week/month (password fatigue)
• ❌ With minor variations - balance123 → balance124 (not secure)
• ❌ Without good reason - If secure and not compromised

Balance approach: Change when needed, but focus on using a strong, unique password rather than frequent changes.

Learn how to change your password →

Multi-Device Security

If You Use Balance on Multiple Devices

Secure each device:

• 🔒 Device passcodes - Lock screen on all devices
• 🔒 Biometric locks - Face ID, fingerprint
• 🔒 Auto-lock - Set short timeout
• 🔒 Find My Device - Enable remote wipe
• 🔒 Keep software updated - Latest security patches

Password considerations:

• Use password manager synced across devices
• Or use biometric login (avoids typing password)
• Log out on devices you don’t use regularly
• Remove old devices from account

Couples & Shared Accounts

For Couples Budgeting Together

Best practice:

• Create Balance account together
• Share ONE account (that’s the point!)
• Each person uses biometric on their device
• Both remember the password (different methods)
• Use Balance profiles feature (not separate accounts)

DON’T:

• Share password via text/email
• Write password where others can see
• Use obvious shared password

Alternative:

• Store password in shared password manager vault
• Both partners have access
• Securely encrypted
• Each partner remembers master password

Testing Password Strength

Online Password Strength Checkers

Never enter your actual password!

Safe to use:

• Password strength meters during creation
• Generic checkers with similar format
• Password generator tools

DON’T enter real passwords at:

• Random websites
• Untrusted checkers
• Any site asking for your password

How Long to Crack Your Password?

Examples (with modern computers):

Factors affecting crack time:

• Length (most important)
• Character variety
• Unpredictability
• Not in dictionary
• Not common pattern

Common Questions

Q: How often should I change my Balance password?
A: Every 6-12 months is good practice. Change immediately if you suspect compromise.

Q: Can I use the same password for Balance and other sites?
A: No! Always use unique passwords. If one site is breached, others remain secure.

Q: Is it safe to write down my password?
A: On paper only, stored very securely (safe, locked drawer). Digital storage should only be in password managers.

Q: Should I use a password generator?
A: Yes, if using a password manager. Otherwise, use the passphrase method.

Q: What if I forget my password?
A: Use the “Forgot Password?” link on login screen. You’ll receive a reset code via email.

Q: Can Balance employees see my password?
A: No. Passwords are encrypted (hashed) and even Balance employees cannot see them.

Q: Is biometric login more secure than a password?
A: Generally yes, especially against remote attacks. Use both for best security.

Q: What’s more important: password complexity or length?
A: Length is most important. A long passphrase beats a short complex password.

Password Security Checklist

Use this checklist for your Balance password:

• 12+ characters long
• Contains uppercase letters
• Contains lowercase letters
• Contains numbers
• Contains special characters
• Not based on personal information
• Not a dictionary word
• Not used on other sites
• Stored in password manager OR memorized
• Never shared with anyone
• Not written down insecurely
• Biometric login enabled (if on mobile)
• Changed in last 12 months

Score:

• 13/13 - Perfect! Your password is very secure
• 10-12 - Good, but room for improvement
• 7-9 - Moderate, consider strengthening
• Below 7 - Weak, change your password now!

Next Steps

Enhance your Balance security:

• Change Your Password - Update to strong password
• Enable Biometric Login - Quick, secure access
• Account Recovery - What to do if locked out
• How Balance Keeps Data Safe - Our security measures

Need help with passwords? Contact our team - we’re here to assist!