eSewa account hacks, MeroShare login theft, and mobile banking fraud are rising sharply in Nepal. The root cause in most cases is a weak or reused password. This guide shows you what a strong password actually looks like and gives you a free tool to generate one instantly.
Password Generator
Generate a cryptographically strong random password — check its strength and see how long it would take to crack
Try this free tool
Why Nepal digital accounts are being targeted
Nepal has seen explosive growth in digital finance: eSewa has over 10 million users, MeroShare is used by nearly every NEPSE investor, and mobile banking apps from Nabil, NIC Asia, and Global IME are used daily. This makes Nepali users attractive targets.
Common attack methods used on Nepali accounts:
Credential stuffing: Hackers take leaked username/password lists from other sites and try them on eSewa, MeroShare, and banking apps. If you use the same password everywhere, one breach exposes all your accounts.
Phishing: Fake eSewa or Nepal bank SMS/emails trick you into entering your password on a fake site. The site looks identical to the real one.
Brute force: Automated programs try thousands of common passwords per second — "Nepal2024", "password123", your birthday, your phone number.
What makes a password strong?
A password's strength is measured by how long it would take a computer to crack it by trying all combinations.
| Password type | Example | Time to crack |
|---|---|---|
| 6 characters, numbers only | 123456 | Instantly |
| 8 characters, lowercase | password | Instantly |
| 8 characters, mixed case + numbers | Nepal123 | 3 hours |
| 12 characters, mixed case + numbers | Nepal123Bank | 3 weeks |
| 16 characters, all types | N3pal@Bank#2082 | 34 million years |
| 4 random words | correct-horse-tree-sun | Billions of years |
The jump from 12 to 16 characters is enormous. Length matters far more than complexity.
Rules for strong passwords — specific to Nepal digital accounts
eSewa password rules:
- Minimum 8 characters
- Must include uppercase, lowercase, number, and special character
- Should NOT be your phone number (extremely common hack target)
- Never use: your name, "esewa", "nepal", your birthday, "1234"
MeroShare BOID password:
- Your BOID (Beneficiary Owner ID) is public, so never use any part of it as your password
- Use a different password from your bank app
- Change it after every IPO season when phishing attacks spike
Mobile banking apps (Nabil, NIC Asia, Global IME etc.):
- Use a 6-digit MPIN that is NOT your birth year, the last 6 digits of your citizenship number, or your phone number
- Enable fingerprint/biometric login for convenience and security
- Never share your OTP with anyone — banks never ask for OTP
The passphrase method — strong and memorable
Instead of a random string like k#9Lm@2pQr, use four unrelated Nepali or English words:
mango-temple-rain-calculator
This password has 30 characters and would take billions of years to crack — yet it is easy to remember. The Password Generator has a passphrase mode that generates these for you.
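As an added example (not the code behind the Password Generator tool), here is how the ideas above fit together in Python: a random password that meets the four-character-class rule and rejects personal tokens, a passphrase drawn with a cryptographic random source, and the entropy arithmetic behind the "length beats complexity" point. The word list, the special-character set, and the phone number are constructed for illustration.

```python
import math
import secrets
import string

SPECIALS = "!@#$%^&*-_=+?"          # assumed set; check what each service accepts
ALPHABET = string.ascii_letters + string.digits + SPECIALS  # 75 symbols

# Constructed demo list. A real generator needs thousands of words
# (the EFF long Diceware list has 7776).
DEMO_WORDS = ["mango", "temple", "rain", "calculator", "river", "yak",
              "lantern", "bridge", "pepper", "violin", "glacier", "ticket",
              "saffron", "window", "compass", "bamboo"]


def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` symbols is drawn uniformly."""
    return picks * math.log2(choices)


def contains_personal(password, banned):
    """True if a banned token (phone number, name, 'esewa', ...) appears."""
    low = password.lower()
    return any(tok and tok.lower() in low for tok in banned)


def generate_password(length=16, banned=()):
    """Random password with all four character classes and no banned token."""
    if length < 8:
        raise ValueError("minimum length is 8 characters")
    while True:  # redraw until every rule holds
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SPECIALS for c in pw)
                and not contains_personal(pw, banned)):
            return pw


def generate_passphrase(words, count=4, sep="-"):
    """Passphrase of `count` words, each drawn independently with a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    print(generate_password(16, banned=("esewa", "nepal", "9800000000")))
    print(generate_passphrase(DEMO_WORDS))
    print(f"16 random chars: {entropy_bits(len(ALPHABET), 16):.1f} bits")
    print(f"4 words of 7776: {entropy_bits(7776, 4):.1f} bits")
    print(f"4 words of 16:   {entropy_bits(len(DEMO_WORDS), 4):.1f} bits")
```

The last two lines show why the word list size matters: four words from a 16-word list carry only 16 bits, while four words from a 7776-word list carry about 51.7 bits. A passphrase is only as strong as the list it is drawn from and the randomness of the draw.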
One rule that prevents 80% of account hacks
Use a different password for every account.
Most Nepal account hacks succeed not because the attacker cracked your password, but because your password was leaked from another site and they tried it on your eSewa or bank app. If you use unique passwords, a leak from one site cannot be used to access any other account.
Use a password manager (Bitwarden is free and works in Nepal) to remember all unique passwords.
What to do if your eSewa or bank account is compromised
- Change your password immediately — use a device you trust
- Call your bank's helpline — Nabil: 01-4700016 | NIC Asia: 01-5970022 | Global IME: 01-4412230
- Report to eSewa — support@esewa.com.np or call 01-5970001
- File a cyber crime complaint — Nepal Police Cyber Bureau: 01-4412705
- Check recent transactions — identify unauthorized ones and report them
- Freeze your card — most banking apps have a card freeze option