Leave a comment

Major banks' weak password policies leave 350 million vulnerable

Hackers have had major success in the last few years, stealing information and personal data from retail stores, restaurants, major banks and even the IRS. That's causing a lot of people to rethink what they do on the Internet, and online banking is something it seems Kim's listeners aren't too sure about.

And with good reason. A new study by the University of New Haven Cyber Forensics Research and Education Group (UNHcFREG) found that a significant number of major banks are simply ignoring the most basic security essential to keeping accounts safe: strong passwords.

In the study, six out of 17 major banks have weak password policies that ignore case-sensitivity, leaving more than 350 million customers at risk. That's more than the entire population of the U.S.!

So what's the big deal? Case-sensitivity? Really? Really. When hackers attempt to get at your information, they run a program or algorithm that attempts a whole bunch of passwords at a time. So if your password is something like "YoUrLaStName2015", any combination of uppercase and lowercase words will unlock your account.

If you do the math, you can see just how important it is to implement case sensitivity. There are 52 letters (uppercase and lowercase), 10 numbers and on a standard keyboard (not including special characters). So, out of 62 different unique characters, if we take away case sensitivity, there's only 36 characters left, cutting down the number of password possibilities by nearly half. All it takes is enough attempts and the hacker is in.

According to the study, the worst offenders are Wells Fargo (70 million customers), Capital One (50 million customers), BB&T (undisclosed amount), Webster First Federal Credit Union (undisclosed amount), Chase Bank (50 million customers) and Citibank (200 million customers).

On top of that, when UNHcFREG attempted to contact the banks about the weak password policies, they had a tough time. There was no contact email address or phone number to report issues, so banks were notified through their standard customer service hotlines, which is problematic in itself.

The study noted that out of the institutions notified, one bank insisted they have a case-sensitive password policy, despite tests showing otherwise. Another one had an employee who wasn't aware that there was an IT or security department. Meanwhile, a third bank claimed that this is company policy and failed to elaborate any further.

What should you do? There's not much you can do, except make sure your passwords include special characters at the very least. You also might want to look into paid security software to help keep your accounts safe from hackers.

Next Story
This smart luggage will completely transform your traveling experience
Previous Happening Now

This smart luggage will completely transform your traveling experience

NASA miscalculates asteroid TX68 flyby by THREE DAYS: Just how close will space rock come to Earth?
Next Happening Now

NASA miscalculates asteroid TX68 flyby by THREE DAYS: Just how close will space rock come to Earth?

View Comments ()