Personal Security Tips

Managing Passwords and Verification

It's worth the extra effort to create strong passwords, change them often and keep your login information safe. Follow these guidelines for managing your passwords and authentication.

Create strong passwords

Use passwords and personal identification numbers (PINs) that are easy for you to remember, but hard for others to guess. Use a combination of upper case and lower case letters along with numbers and special characters to make your password more secure. Don't use easy-to-guess birthdays or the names of your children, pets or high school sweetheart. You should also avoid common passwords like sequential numbers or phrases like Password123. Create different passwords for each of your online accounts and change them periodically.

Protect your passwords

Be cautious about sharing your usernames and passwords with people, companies and services – especially when your personal information and money are involved. Never store your passwords in a note, memo or file on your computer or mobile device. If you do need to save your passwords, use a more secure location like a password manager app.

Opt for additional authentication

Many financial institutions like Ally have 2-step or 2-factor authentication built into their security solutions, but it's still smart to enable multi-factor verification on sites and devices where this feature is optional. Multi-factor authentication offers another layer of protection by asking for an extra piece of information in addition to your password, like a security code that's sent via text or a fingerprint ID. You can usually enable 2-step verification in your password and security settings.

Multi-factor authentication can take many forms and requires the use of 2 or 3 different authentication factors that could include:

  • Something you know – such as a password, PIN or personal security questions.
  • Something you have – like a computer, phone or tablet; a debit or credit card; or a device that generates a security code.
  • Something you are – which includes fingerprints, retinal scans, facial recognition or other biometric information.

Companies use a variety of verification factors, typically based on the degree of risk. They may ask the user to go through these authentication steps every single time they log in or they may use a behind-the-scenes approach that evaluates the risk of suspicious behavior for each interaction before asking for additional authentication.

Ally uses multiple layers of authentication that may not always be apparent to our customers. If we detect risk, like a login from an unknown device, we may ask for additional verification. This includes asking questions only you would know or sending a security code via email or text. Every Ally Bank and Ally Auto customer sets up multi-factor authentication when they create their account or when we upgrade our security solutions.

Security is not a one size fits all solution. Which is why your multi-factor authentication may look different from company to company.

Suspect Fraud?

Call the Ally Fraud Hotline at
1-800-971-6037.

Webroot Threat Protection