How to set a secure account password

This article explains how to protect your financial and personal data in FreeAgent by setting a secure account password. 

If you're unable to log in to your FreeAgent account, please see our troubleshooting steps for login problems.

At FreeAgent, we use a number of technical and organisational measures to make sure our data is secure. You are in control of your password, so we’d like to offer you some advice to help you choose the most secure password possible.

The secret is to make your password memorable (so you don’t have to write it down), but also hard to guess. Length is a key factor: a longer password, often called a passphrase, is inherently harder to break than a shorter alternative. Passphrases are usually a combination of words that you can easily remember or associate with. Please note that your password must be at least twelve characters long. 

For example, XPV!s6j2iPXt might meet complexity requirements, but you are never going to remember that and will probably have to write it down (although if you use a Password Manager then that’s great). Similarly, using something like P455W0rd! is quite common, and just not secure enough.

A longer passphrase such as sunwalkraindrive, which looks much simpler, is actually a lot harder to break. Further combining non-alphanumeric characters only increases the security, and this can be as easy as adding spaces, giving you sun walk rain drive. Hey, even throw in an exclamation mark if you are feeling adventurous!

The FreeAgent Password Strength Meter

Our embedded password strength meter will help provide feedback on the strength of your chosen password. If your password isn't secure enough, then this will be highlighted on the meter.

KB-GS-AS-01-Final.png

Using your personal information, such as your name or your company name, is not a great idea and so we'll highlight this as a known vulnerable password.

KB-GS-AS-02-Final.png

All passwords held in our system are stored securely via a secure cryptographic hashing function so even we don’t know what they are, and we'll never ask you to tell us or confirm your password. If you want to know more about what this actually means, see this article and also this article.

On top of this, we also recommend you enable 2-Step Verification on your account which offers you the best level of protection, rather than relying solely on your password.

Identifying leaked passwords

We’ve partnered with Have I Been Pwned to check the status of your password when you set it. If it’s been leaked and seen online by potential hackers then we’ll let you know so you can consider changing your password. At no time during this process, do we actually share your data. Read more about how this service protects the privacy of searched passwords.

Did you find this article useful?