Password security at Firi

Password security at Firi

Security measures when logging into Firi

This article looks at password security and the different security measures taken to log into Firi. Read on for tips on how to create strong passwords.

To register and log into both the website and our app, you can choose between either logging in with Vipps or with a username, password and two-factor authentication.

Read more about how to use Firi here

Log into Firi with Vipps

We recommend all our Norwegian customers to register and log in with Vipps. This is a safe and very easy login-method with just one click. The only thing you need to remember is your own phone number.

If you register with Vipps, you do not have to enter all the information we need to create your user, such as name, e-mail, telephone number and address. Your Vipps profile will tell us what we need to know.

Important: When you register with Vipps, you do not have a username and password with Firi and do not need to go through two-factor authentication.

Username, password and two-factor authentication

If you do not want to use Vipps to log in, you can also choose to register with your username and password. You will then have to go through two-factor authentication for extra security.

What is two-factor authentication (2FA)?

Multifactor authentication, two-factor authentication (2FA), or two-step verification as it is also known, is an extra layer of security in addition to passwords. The most well-known two-factor authentication is BankID. Here you enter both username and password, but you must also use a password calculator or your mobile phone. In other words, it takes two factors to log in – something you remember (such as a password or code) and a device (such as a cell phone, computer, password calculator, etc.). Other types of authentication include a fingerprint, voice or face shape.

Two-factor authentication is an important security measure. It makes it harder for people to access your account even if they manage to guess your password. Creating passwords that are sufficiently unique, long and strong can be a challenge, so an extra layer of security is absolutely necessary for most people to avoid falling victims to cybercrime.


How to create a strong password

  • A password should have at least 12 characters. Firi requires 14 characters for additional security.
  • We recommend you use both lowercase and uppercase letters in the password.
  • Numbers and special symbols can also be used to strengthen the password.
  • Do not use personal information in the password.
  • Have different passwords on all user accounts.
  • Feel free to write down your passwords on a piece of paper that you keep in a safe place. You should never keep your passwords with your computer or mobile phone. Ideally, you should store your passwords in a password manager.

Password manager and password

It can be a challenge to both write down and remember all the different passwords you have on different websites. We therefore recommend everyone to use an encrypted password manager that stores all your passwords in a safe and secure way. Remember that if a website is hacked, and you use the same password on several websites, the hacker has your login information for all those websites.

Examples of password managers are LastPass, F-secure safe and 1Password, and there are many more out there.

Password managers are, simply put, apps with a main password that should be very strong and completely unique. This is the only password you need to remember. We recommend that you use password phrases instead of a single password. An example of such a sentence is:

Fruit salad with Ch0c0late!

This password has 25 characters, including uppercase and lowercase letters, numbers and special characters, but is quite easy to remember and difficult to crack.

How do they hack you?

How does hacking work? You might think hackers use clever methods to crack your password. That they are sitting in dark rooms and "hacking" your password. But the truth is that in most cases, YOU are the one being hacked – by the swindlers tricking you into giving them your password. The most common way this happens is by being tricked into clicking on links in emails. These emails will pretend to be from someone you know or from a company or organization you trust. You should therefore always be careful, and double-check the sender when you receive links by e-mail. We will return to this in the next section.

But there are also other methods that swindlers use. For instance, they might get in touch with you directly and make you trust him or her. You may want to pay special attention to suspicious phone calls or people you meet on dating apps/ websites.

Electronic fraud

Phishing, or electronic information fraud, is when a cyber-criminal tries to manipulate someone into acting in a particular way so that the scam-artist can gain access to sensitive information. This could be tricking someone into opening an email attachment, clicking on a link, paying fake bills, clicking on fake updates on websites, etc. Phishing attempts are most often made by e-mail, but social media has also recently been widely used as an arena for targeting people. The swindlers can pretend to be someone you know and trust.

Advice from our security experts on how to avoid phishing attempts:

  • Check the email address, phone number or username of the sender. If fake, they may be similar to addresses, numbers or names you already know, but with some minor adjustments. For example, an email address may end in “.com” instead of “.no”, in which case it is a sign that the account is fake.
  • STOP-THINK-CLICK. When using your email and social media, you should check where the link is coming from. You can do this by holding the cursor over the link.
  • Do not click on links, but copy the address manually or enter the address in the browser.
  • Never send personal information by email or share it with strangers who call.
  • Keep operating systems and programs, especially antivirus, up to date. This can prevent many programs from infecting your computer.
  • Furthermore, we would recommend that you take a look at this blog post, in which we provide information and tips on how to avoid investment fraud and money management fraud.


If you follow the advice about passwords and security in this article, and are careful not to share passwords and other personal information, you will probably be well protected against hacking and fraud. We recommend you acquaint yourself with the term“social engineering” to understand how fraud works. Here is a YouTube video that explains the concept of social engineering.

Do you believe someone has tried to defraud you? Contact security@firi.com immediately.

Here you can learn more about how to use Firi safely.

Get started

Cryptocurrency for dummies

Cryptocurrency for dummies: In this article, we answer common questions about cryptocurrency.

Guide to trading cryptocurrency

Many people have become rich trading cryptocurrency, but it requires knowledge, guts and a small dose of luck. Read more about cryptotrading here.

Trading cryptocurrency at Firi is more affordable than most people think

When trading cryptocurrency, you often look for a cryptocurrency exchange with low fees. At Firi, it is the customers who control the price and there are neither invisible fees nor currency surcharges.