In a rather ironic turn of events, over 350 million individuals who have accounts with the large banking companies in the United States are using passwords that are weaker than the ones they use for their social media accounts.
Researchers at the University of New Haven Cyber Forensic Research and Education Group examined the strength of passwords used by customers of major U.S. banks such as Wells Fargo, Capital One, Citibank, Chase Bank, Webster First Federal Credit Union and BB&T. The study found those passwords to be substantially weak, which could potentially affect hundreds of millions of bank clients.
It is hard to believe that people would be more concerned about bolstering their social networking accounts than their banking credentials; the cause lies in the poor password policies among these banks.
One of the weaknesses discovered in those banks' password policies is that the website login pages do not distinguish between upper- and lower-case letters. Normally, users are asked to employ both upper- and lower-case letters to beef up the security of their accounts. In addition, symbols and numbers are also required for better security.
By not supporting case-sensitive passwords, those banks are making their customers' online accounts less secure than, for example, Facebook and Twitter accounts. The banks in question are also making it significantly easier for attackers to perform brute-force attacks on customer accounts, a technique that guesses the account password through repeated and persistent attempts within a short period.
Because these are among the largest banks in the United States, it would be safe to expect the highest security standards from them when it comes to password policies, especially since their customers' security and safety online rely on how those banks handle login credentials. But the researchers' recent findings shed light on the lack of seriousness on the part of the banks in securing the online accounts of their customers.
In comparison, the time it takes to brute-force a password that is not case-sensitive is shorter than the time it takes to guess a case-sensitive password, which reduces the effort attackers need to carry out their malicious activity.
In terms of response and customer service, those banks were sadly sluggish in responding to customers' concerns with regard to the security of their accounts. In fact, according to the researcher, there is hardly a way to contact those banks, as their websites do not contain email addresses or contact numbers for customer feedback.
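To put numbers on that comparison, the following added example (not part of the study or the original article) measures how much the search space shrinks when letter case is ignored, and gives a check a site owner can run against their own password verifier. The symbol set, the sample password, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
import string

SYMBOLS = "!@#$%^&*"  # constructed symbol set, assumed for illustration

def guesses(length, case_sensitive):
    """Size of the search space for a random password of this length."""
    letters = string.ascii_letters if case_sensitive else string.ascii_lowercase
    return (len(letters) + len(string.digits) + len(SYMBOLS)) ** length

def entropy_bits_lost(length):
    """Bits of entropy removed when the login ignores letter case."""
    return math.log2(guesses(length, True) / guesses(length, False))

def accepted_variants(password):
    """Distinct strings a case-folding login accepts for one stored password."""
    return 2 ** sum(ch in string.ascii_letters for ch in password)

def enroll(password, fold_case):
    """Store a salted PBKDF2 hash; fold_case=True models the weak policy."""
    salt = os.urandom(16)
    material = password.lower() if fold_case else password
    digest = hashlib.pbkdf2_hmac("sha256", material.encode(), salt, 100_000)
    return salt, digest, fold_case

def verify(record, attempt):
    """Check a login attempt against the stored record in constant time."""
    salt, digest, fold_case = record
    material = attempt.lower() if fold_case else attempt
    candidate = hashlib.pbkdf2_hmac("sha256", material.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

def ignores_case(record, password):
    """Audit check for your own system: is the case-swapped password accepted?"""
    return verify(record, password.swapcase())

if __name__ == "__main__":
    pw = "Blue!Kite7"  # constructed sample password
    ratio = guesses(8, True) / guesses(8, False)
    print("8-char search space shrinks by a factor of %.0f" % ratio)
    print("entropy lost (bits):", round(entropy_bits_lost(8), 2))
    print("strings accepted for one password:", accepted_variants(pw))
    print("weak policy ignores case:", ignores_case(enroll(pw, True), pw))
    print("strict policy ignores case:", ignores_case(enroll(pw, False), pw))
```

With this assumed 70-character alphabet, an eight-character password loses a little over five bits of entropy when case is ignored, and the loss grows linearly with password length.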