Features of a secure password
- Don’t use the same password you use for other systems.
- Password needs to be different from the user ID (if authorization is done via SMS codes).
- Password cannot contain information such as first name, last name, birthdate, NIP, PESEL, commonly known phrases, etc.
- Don’t disclose your password to anyone.
- Change your password every couple months.
- Don’t keep your password online, on your computer or in writing.
- Never disclose your password remotely via a phone or email.
- Never input you password in unknown and unverified locations (for example internet cafes, stores, etc.)
Features of a strong password in ING Business
A secure password in ING Business is a strong password which:
- in case of the certificate authorization method – has no less than 8 and no more than 16 characters and includes at least one capital letter, one small letter and one number;
- in case of an SMS authorization – has no less than 10 and no more than 32 characters and includes at least 3 of: capital letters, small letters, numbers and text symbols (for example #%^&@);
- is easy to remember for you, but hard to guess for others;
- doesn’t contain phrases with logical letter replacements, for example “my p@ssword”;
- doesn’t contain entire dictionary-form phrases;
- is much different from previous passwords;
- doesn’t contain repetition of signs (ex. 111111111), sequences (abcdefgh), or strings of characters in ‘keyboard’ order (ex. QWERTY).
Secure password equals strong password. How to create one?
- Choose an easy to remember sentence, for example ‘Red tomatoes are the best’. This will be the basis for your password.
- Create a new, meaningless phrase made out of the first two letters of every word and particle in the sentence above: retoarthbe.
- Strengthen your password by adding capital and small letters and numbers, for example Ret0ArthBe.
- Replace some of the characters with text symbols, for example Ret0@rthBe.
The above example is just a one of many methods you can use to create a strong password.
Security rules for eToken/microchip card
When using an eToken/microchip card cards keep these basic security rules in mind:
- connect your eToken or card to a computer only when ING Business is running. After logging out disconnect your eToken or card and store it in a secure location;
- use anti-virus programs and enable your firewall settings;
- make sure you have installed the up-to-date browser version together with all available system fixes.
Certification path verification
Any communication between your computer (identified as the user) and bank’s server is encrypted using the TLS encryption protocol (Transport Layer Security).
ING Business uses the Extender Validation TLS certificate with the key length of 2048. The EV SSL certificate is compatible with modern browsers, such as Internet Explorer 9 or Mozilla Firefox 32.0 (or higher version). Thanks to it, the logo, name and firm location are clearly visible. Additionally the certificate guarantees data encryption security along with complete protection from any unauthorized modifications and authenticates computers involved in the data exchange process. Receiving the EV SSL certificate is preceded with very thorough authentication of the applying party. This certificate is granted only to trusted and verified institutions.
The correct certification path for a product server of ING Business is as follows:
In the bottom right corner of the window or at the top address strip of every browser, there is a visible padlock icon. The padlock needs to be locked. By clicking on it, you can check the ING Business verification path. After the window titled Certificate opens, click on the Certification Path – applicable only to IE users. When using other browsers follow the certificate verification instructions issued by their producers.
Last element of the certification path in the text message (SMS) codes based method is start.ingbusinessonline.pl. For certificate based method the last element of the certification path is ligin.ingbusinessonline.pl
You can confirm the credibility of the ING Bank Śląski certificate for ING Business by checking the public Thumprint. The correct value of the Thumbrint is as follows:
- a method based on text messages codes
- a method based on the certificate carrier (eToken/card)
Thanks to the certificates issued by Symantec Corporation/VeriSign, you can be sure that you have made a secure connection with the bank’s servers.
Manage the system access rights
Define your preferred security policy and adjust it to your firm’s needs
The extensive system of user profiles allows easy management of system access rights. If users only use the system in their workplace, for convenience it is possible to specify one or multiple IP addresses from which logging in will be possible. If the system is only to be accessible within the office working hours, it is possible to specify the exact days and hours during which logging in will be possible. Using the above advancements, it is possible to personally define the firm-adjusted security measures.