There are many instances of people being refused compensation when their online banking account has been hacked. Banks especially say their customer, the victim, somehow undermined their own security. Banks pay particular attention to the quality of the password and will frequently accuse the customer of making it too simple. They have also been known to accuse a customer of writing down their PIN or password so that it could be accessed by others. Click here to see the 25 most common passwords.
So how can we be protected against self-interest of businesses over something they are forcing us to use (online bank accounts) because of branch closures and costs levied on ‘old fashioned’ requirements like paper statements?
Here are some ideas that should protect you when Online Banking:
- Banks, if they want to ensure we have safer passwords, ought to put a function into the password choosing process that fulfils their security requirements. That removes the customer liability in an instant. This is the ideal position but will banks do it?
- If you have to choose a password then give it some real thought. The latest technical scam is a thing called Brute Force Login, where a computer sends thousands of combinations of user name and passwords to a target system, say you bank login page and keeps on going until the system throws it off or it works out your user name and password. Your user name, where possible, should have nothing directly linkable to you - don’t use your wife’s name, child’s name, dog’s name, etc. You get the point. And as for the password, never use ‘password’, pa55word’ or any combination thereof; don’t use your favourite football team, or any other similar name. Use something that is not related to you, but something you will remember. Insert a number, use a capital letter and possibly a special character such as !, £, $, or ?.
- The latest thinking about passwords is to use a phrase you can easily remember. Don't use the standards such as 'the cat sat on the mat' or if you do change it in a way you will remember such as 'The Mat sat on The Cat!' - notice the case change and the use of a special character. Find your own memorable phrase and DO NOT share it with anyone.
- It is a contentious issue and you can make your own choice, but my preference is NOT to change passwords unless you believe it to be compromised. The more you change it, the more likely you are to forget it or write it down. Of course, naturally this undermines the security of your well thought out password.
- I don’t have any advice on whether you should use the same password on all your bank accounts - again this is personal preference - except maybe to follow the requirements/recommendations of your bank. The pros and cons of your choice are fairly obvious, the biggest con is that if your credentials are revealed through hacking at your bank or other institution, then your other accounts could be at risk.
- Writing down of passwords - naturally I do not believe this to be a good idea. If you think you have the piece of paper or digital document well hidden, then it can probably be found by a scammer. The best way to avoid this as a solution (of sorts) is to work out a memorable formula for your password that works for you.
Passwords are a very emotional issue and full of opportunities for large institutions to accuse you of misconduct one way or another. Protect yourself as best you can. At least there is light at the end of the tunnel - biometrics may provide a haven for us, at least until the scammers have found a way to defeat this as well, but at least that’s a problem for another day in the future.
Ready to find out more?
If you are considering a website that requires customer sign up, get in touch to find out how easy it can be to stay secure!