Many Americans put their money in the bank as a method of keeping it safe and secure. Most do not realize, though, that one policy employed by financial institutions which is meant to protect them could actually be putting their sensitive financial information at risk. In fact, according to the Cyber Forensic Research and Education Group at the University of New Haven, most financial institutions have less stringent password requirements than other types of businesses including social media sites.
Research Group Surprised by Results
The research group looked at the password policies of 17 banks. Of those, the group raised concerns about the password policies of six. It found that the password requirements of some of the country’s largest banks — including Wells Fargo, BB&T Corp., Citibank, Chase, Capital One and Webster First Federal Credit Union — had flimsy policies that did not require industry standards. These six financial institutions represent about 350 million accounts — a staggering number considering the vulnerability of the information.
What Makes These Policies Weak?
What the research group — which was made up of five undergraduates — discovered is that the above-mentioned banks did not differentiate between upper and lower case letters when it comes to their account holders’ passwords. That is, they did not require that the passwords be case sensitive. A cyber security expert and assistant professor at the University of New Haven, Frank Breitlinger, noted that the failure of banks to support case sensitive passwords is both surprising and troubling. He pointed out that many people naturally use both types of letters when they are formulating their passwords. Because banks do not take the simple step of supporting these efforts within their passwords, the security of their account holders’ financial information is significantly reduced.
Another Troubling Discovery
Not only did the research group discover that these financial institutions do not support using case-sensitive passwords, they did not make the experience of reporting security issues user-friendly. Many of them had no listed phone numbers or email addresses to report a troubling security problem. Instead, researchers notified these banks by using their phone hotlines. Representatives for the banks that were reached on these hotlines didn’t seem to understand how to handle the researchers’ concerns or the potential for severe security issues. In addition, they did not notify their in-house IT or security department or seem to understand the need to do so.
If you are looking for a reliable IT support partner in Indianapolis, we can help! As experienced IT professionals C.D.'s IT Consulting LLC offers secure solutions that are designed to protect your sensitive financial information. Give us a call today at (317) 522-1362 ext 2 or send us an email at firstname.lastname@example.org.