April 26, 2016

Does Your Bank Have Weak Password Security?

Top financial institutions lock down customer data with robust, multi-layer security that is completely impenetrable to hackers. At least, that’s the assumption many people might make. Unfortunately, the truth is sometimes very different.

In a recent study that looked at bank password strength, researchers found that 35 percent of the banks examined had significant weaknesses in their password policies. Conducted by the University of New Haven Cyber Forensic Research and Education Group, the study focused only on very large banks, which makes the finding even more of a concern.

Some of those singled out as lacking in password security were Wells Fargo, Capital One, Chase Bank and Citibank. In total, researchers estimated that these password issues impact about 350 million customers.

Big Banks, Big Problems

Commenting on the study, security research firm Kaspersky Lab noted that all of the banks with less robust password security measures had website policies that don’t differentiate between upper- and lower-case letters. That shrinks the number of distinct passwords an attacker has to try, which weakens security for users.

One of the researchers added that hackers can guess a case-insensitive password in as little as eight hours. But if a password is case sensitive, it takes about 26 days for an attacker to crack it, and even then, very high-tech computer power is necessary.
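The gap between those two figures can be reproduced with keyspace arithmetic. The following is an added example, not part of the original article or the study; it assumes 8-character passwords made of letters and digits and an attacker who searches the whole space at a constant rate, since the page states neither the length nor the character set.

```python
def alphabet_size(case_sensitive, digits=True, symbols=0):
    """Number of characters the site actually tells apart."""
    letters = 52 if case_sensitive else 26  # case folding merges A-Z into a-z
    return letters + (10 if digits else 0) + symbols


def keyspace(length, case_sensitive, **policy):
    """Count of distinct passwords of exactly `length` characters."""
    return alphabet_size(case_sensitive, **policy) ** length


def accepted_variants(password):
    """Typed spellings a case-insensitive site treats as the same password."""
    cased = sum(ch.lower() != ch.upper() for ch in password)
    return 2 ** cased


def implied_sensitive_days(insensitive_hours, length, **policy):
    """Scale a case-insensitive search time to a case-sensitive policy,
    keeping the guess rate fixed and searching the whole space."""
    ratio = keyspace(length, True, **policy) / keyspace(length, False, **policy)
    return insensitive_hours * ratio / 24


if __name__ == "__main__":
    HOURS = 8    # case-insensitive figure quoted in the article
    LENGTH = 8   # assumption: the article does not give a password length

    days = implied_sensitive_days(HOURS, LENGTH)
    print(f"{LENGTH} chars, letters+digits: {HOURS} h -> {days:.1f} days")

    # The penalty for ignoring case grows exponentially with length.
    for n in (6, 8, 10, 12):
        ratio = keyspace(n, True) / keyspace(n, False)
        print(f"length {n:2d}: case-sensitive space is {ratio:,.0f}x larger")

    # Constructed sample: a mixed-case password loses its case information.
    sample = "Ca7&L0v3r"
    print(f"{sample!r}: {accepted_variants(sample)} spellings accepted as one")
```

Under these assumptions the case-sensitive space is about 77 times larger, which turns eight hours into roughly 26 days, in line with the figures quoted above.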

As a point of comparison, social media sites all tend to use case-sensitive password policies, researchers stated. That means Facebook and Twitter may have stronger password security than your bank.

Password Protection

Unless you happen to be the Chief Information Officer at one of the world’s top banks, it’s unlikely that individual comments about strong passwords will spark major changes to your financial institution’s policies. But there are actions you can take to stay safe.

Most notably, make password management a priority. We’ve often covered password security here, and for good reason—strong passwords that are harder to crack keep you safer. It’s worth taking the time to make sure you’re protecting your information with strategies like these:

  • Don’t choose easy or obvious passwords. Every year, the “worst passwords list” tends to have many of the same combinations, such as “123456” or “password.”
  • Consider a password manager. These simple applications store all your passwords, so it’s easier to change them frequently and make them stronger, without having to remember multiple combinations.
  • Use a mix of numbers, letters and symbols. There’s a major difference between a password like “catlover” and “Ca7&L0v3r”—the first is easy for a hacker to crack, and the second is much more difficult.
  • Don’t make it personal. To make passwords easy to remember, many people use the names of their children, pets, hometowns and other identifying information. Not only can these details be picked up by monitoring your social media posts, but they may also put you at risk of identity theft since an attacker would have more data about you to use.

In general, it’s a good idea to remember that password security results from staying vigilant about protecting your information. You can’t always rely on banks—or insurance companies, social media sites, online shopping sites or other services—to put strong password controls in place for you.

Image courtesy of Flickr user Automobile Italia.
