The Agency Insider with Linda McGlasson

The Problem with Passwords

The Problem with Passwords

Passwords are the bane of my existence -- probably yours, too. In order to be a good, secure, computer and Internet user, ideally I should have a different password for every single application I use, website I register to, and place I visit on the Internet. I frequently have at least 10 to 15 different passwords and passphrases floating up in my head from one day to the next.

The reality, it seems for the majority of us, isn't even close to what I described above. And frankly, I'm not exactly shocked by the news. Why? Let's face it: Passwords are a pain. Yes. There, I said what everyone has thought at least once after being locked out of an account they desperately needed to get into, and the help desk can't help you out with a speedy reset. The other problem with passwords is, well, the people who are charged with creating them.

The newest research from security company Imperva shows the "stare in your face fact" that '123456' is most popular password. The 32 million passwords breached in the Rockyou.com hack in December, which was the basis for the Imperva study, showed that '123456' beat out '12345' and '1234567' as the most popular passwords among the 32 million users that frequent the social network site.

Imperva studied the strength of the passwords that were posted by the attacker online after the hack and found that consumers still aren't taking strong password creation to heart.

Some of the facts Imperva released: 30 percent of all users had passwords of six characters or less, and 60 percent had passwords selected from a limited set of alphanumeric characters.

Nearly half of the passwords used names, slang terms, dictionary words, or passwords with consecutive digits or from adjacent keys, the study showed.

Here's some even more bad news when it comes to passwords: Another study by security firm Trusteer shows that a large majority of online banking customers use their login credentials to access other websites, sharply increasing risk of attack to their bank account.

The British-based security firm says some 73 percent of Internet bank clients share online banking password with non-financial sites, and 47 percent re-use both their online banking user name and password. The numbers are based on a sample of 4 million users.

The firm's CTO, Amit Klein, says, "Our findings were very surprising and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites."

My advice? If you haven't already, please require your online banking customers to have passwords with multiple alphanumeric (symbols included), and require them to be at least 8 digits -- minimum. Also, changing passwords regularly is a must. Requiring online banking customers to change their passwords every 30 days may seem at first a bit harsh, but based on the above described research, your savings alone on the fraud that you stop will be a reward that you can live with. Here's some advice I penned a while back that can be helpful in creating strong passwords.

Good luck, and remind your customers NOT to recycle their passwords by using the same one on different applications or websites -- especially the ones they use to get onto your online banking portal.



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.