If you’re worried about your risk, you’re not alone. There is a hacker attack every 39 seconds.1 Fortunately, it can be easy to reduce your risk.

Passwords pose problems

Almost every login requires a password, including:

  • Online banking
  • Online shopping
  • Debit card PINs
  • Computer access
  • Smartphone access
  • Website access

Most people have more passwords than they can keep track of, so they tend to choose simple, easy-to-remember ones. However, this also makes it easy for cyber thieves.

Making your password easier for you could also make it easier for hackers

If you think you’ve been hacked, change your usernames and passwords for all sites and accounts you use, especially sites which may contain financial and personal data. Contact your financial institutions to look for fraudulent activity. Upon being alerted, many companies, including Nationwide, can set up alerts and monitor your account activity.

Long passwords don’t have to be hard to remember

But they do need to be difficult for someone else to guess. Here are some tips on how to make good passwords:

A good password not just any password that is long that has uppercase letters, lowercase letters, numbers and symbols. It should mean something to you but appear non-sensical to others. Ideally it is a string of characters that, if shown to another person for a couple seconds, would be nearly impossible for them to recall.


  • Use a phrase with shortcuts and acronyms:

    four score and seven years ago - from the Gettysburg Address

    one for all and all for 1 - from The Three Musketeers, by Dumas

  • Use passwords with common elements:

    About to use Amazon

    Password for a Facebook account


  • Use common dictionary words – password cracking programs use dictionary lists to easily guess words in a password.

  • Make it too personal – if you put information on social media that you use in your password, a hacker will find it.

  • Make it too easy – a password like B@seba11is actually easy to guess. It’s too short and uses a dictionary word with common substitutions.

  • Make it long, but not strong – a password like House12345678 is never a good password.

  • Use a common pattern – patterns like House1, House1234, or !House! are patterns hackers look for.

Remember, to keep your online accounts safe:

  • Keep your passwords on the down-low. Don’t write down your passwords and don’t share them with anyone.

  • Unique account, unique password. Make sure all your accounts have unique passwords to protect you in the event of a breach.

  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you.

Protect your retirement account by creating your own online access first

You might think the best way to not get hacked is to not create an online account in the first place. But hackers can be clever, especially if the payoff could be access to your money or personal information. Using information they can gather elsewhere, they attempt to create online accounts. Your best defense is to go on the offensive by setting up an online account:

  1. Click “Log in” at the top of this page.
  2. Select “Retirement plans” from the dropdown menu.
  3. Click “Sign up for an online account.”

In just minutes, you’ll establish a user profile that will help reinforce the virtual firewall we’ve built to keep hackers out.

Online safety tips

To strengthen safeguards around all of your online accounts, consider these tips.

Expand all
  • Mix it up and string it out. Use lowercase and uppercase letters, symbols and numbers, preferably 12 or more characters in length.
  • Protect each account. Give strong but unique passwords to each account you own, even non-financial accounts.
  • Protect every device. Creating strong passwords for web-enabled devices, including your home router, can make it more difficult for cyber thieves to get in.
  • Change passwords regularly. Consider doing so every 90 days.
  • Vary usernames. Your username is your “first password.” Every time you create a new online account, give yourself a new username.
  • Safely store usernames and passwords. Consider software or an app that creates and encrypts longer, stronger passwords, and stores them away from your device.
  • Install a firewall. A firewall on your computer and router protects your machines from unauthorized intruders.
  • Use updated anti-virus software and antispyware. Viruses can disable your computer, and spyware can steal your passwords and account numbers.
  • Update software automatically. Creating strong passwords for web-enabled devices, including your home router, can make it more difficult for cyber thieves to get in.
  • Use Wireless Protected Access 2 (WPA2) when setting up your home Wi-Fi. WPA2 is a safety technology that helps protect your wireless connection.
  • Trust your gut instincts. If you get a popup window offering a system update, open your operating system messages application to see if the update is legitimate.
  • Enable screen locking on your devices. Many devices offer security features that let you lock them remotely, or even erase all data if it is lost or stolen.
  • Log out and close your browser windows. Reduce the possibility of unauthorized use of an account that’s already logged-in.
  • Download cautiously. Some free games and free downloads are really tricks to get you to download viruses or spyware.
  • Consider the information you share on social media sites. Review the social media site’s privacy and security settings to control who can see your profile.
  • Look for “https” in the web address. “Https” is generally more secure than “http.” Avoid financial transactions on “http” sites.
  • Avoid using public wireless networks. Use caution if a public wireless network asks you for personal or credit card information. Consider using your cell phone as a Wi-Fi hotspot for your laptop or tablet.
  • Avoid public computers. Thieves install keystroke-tracking software on library or hotel lounge computers to steal usernames and passwords.
  • Know your surroundings. Limit your use of financial apps when you’re where people can easily look over your shoulder.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you.
  • Consider professional assistance for managing your affairs. Financial professionals and legal advisors must act in your best interest.
  • Safeguard financial information. Even well-meaning family or friends can be tempted when money is easily accessible.
  • Do not share account login information. If you must share your account login information, change your password as soon as the assistance is no longer needed.
  • Hang up on callers requesting account information. No reputable firm calls customers to ask for login information or to test their systems by asking that money be transferred to them.
  • Change your usernames and passwords for all sites and accounts. This is especially important for sites that may contain financial and personal data.
  • Ask your financial institutions to look for fraudulent activity. Many companies, including Nationwide, can set up alerts and monitor your account activity.

How Nationwide defends your data

As cyber criminals become more sophisticated, so does our security strategy. We use a layered approach to our security processes and technology, which helps prevent fraud and protect our customers.
Expand all

If you access your account from a device you normally don’t use, you’ll be prompted to enter a code that’s sent to your mobile device or email address. This extra-step process, known as multi-factor authentication, adds extra protection to significantly decrease the risk of a hacker accessing your information.

  • In addition to multi-factor authentication, Nationwide uses multiple layers of firewalls designed to block unauthorized access and other potential security threats.
  • We also use Secure Sockets Layer (SSL) / Transport Layer Security (TLS), a standard security technology that encrypts information sent to and from our site. SSL/TLS ensures that all personal information — including retirement account data, Social Security numbers, usernames and passwords — remains confidential when sent between our website and your computer.

Our security team performs daily monitoring of our computer systems, looking for security violations and unwanted intrusions. We conduct periodic IT audits of the computing environment to look for potential vulnerabilities. And we are regularly audited by third parties to ensure proper security measures are in place and working as expected.

Nationwide provides ongoing training to all employees on keeping sensitive data private and protected. In-depth, role-based training also is given to associates in unique positions to enhance security and privacy. And we comply with all data security laws.

Tier 4 is the highest rating a data center can earn for availability. Nationwide uses two data centers designed to ensure data is available no matter when you want to access it.

We’re detecting and responding to vulnerabilities and threats, defending your data 24/7/365.