The Risk of Weak Online Banking Passwords

David

Opinions are my own...
PREMO Member
Patron
If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online.

Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords. Most often, the attacker will use lists of email addresses and passwords stolen en masse from hacked sites and then try those same credentials to see if they permit online access to accounts at a range of banks.

In a nutshell, if you use a crappy password, even though your bank may require 2 Factor Authentication (2FA), the hackers can use a program which mimics a program like Quicken and get into your account via the API (the software method the program uses to communicate with your bank's computers). The APIs usually completely bypass any 2FA requirement.

Bottom line:
  1. Use a tough password (get a password manager to keep track of them)
  2. Never use the same password on more than one site. Otherwise, when site X is hacked they now have the password for all of your other accounts.
  3. For your banking and official matters (anything that involves money like shopping sites or government accounts, but NO social media accounts), I suggest a separate email account other than the one you use for your day to day BS, and not one of the free ones where they scan your data to sell you things (gmail, hotmail, outlook, etc). Suggest https://protonmail.com ; you can even buy your own domain name and set it up to use with protonmail (requires the paid service). Then, be vigilant; don't get lazy and mix your important email with your day to day account. Get your own domain name here: https://domains.google/#/ Pay for several years in advance if you're serious about keeping and using it.
 
Last edited:
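
Added example, not part of the original post or of any bank's code: a defender-side sketch of how the credential-testing pattern described above can be spotted in login logs, by flagging a source that tries many different accounts, mostly fails, and then gets in on a channel with no second factor. The log format, field names, thresholds and addresses are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth log (hypothetical format):
# time  source_ip  channel  username  result  mfa
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 api alice@example.com FAIL none
2024-05-01T10:00:02Z 203.0.113.7 api bob@example.com FAIL none
2024-05-01T10:00:03Z 203.0.113.7 api carol@example.com FAIL none
2024-05-01T10:00:04Z 203.0.113.7 api dave@example.com OK none
2024-05-01T10:00:05Z 203.0.113.7 api erin@example.com FAIL none
2024-05-01T10:00:06Z 203.0.113.7 api frank@example.com FAIL none
2024-05-01T10:02:00Z 198.51.100.20 web grace@example.com FAIL none
2024-05-01T10:02:30Z 198.51.100.20 web grace@example.com OK totp
2024-05-01T10:05:00Z 192.0.2.44 api heidi@example.com OK none
"""

def parse(log_text):
    """Yield one dict per well-formed line; skip anything malformed."""
    fields = ("time", "ip", "channel", "user", "result", "mfa")
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))

def find_stuffing(events, min_users=5, min_fail_ratio=0.8):
    """Flag IPs that try many distinct accounts and mostly fail, then
    return (suspect_ips, logins that succeeded from those IPs)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    suspects, hits = set(), []
    for ip, evs in by_ip.items():
        users = {e["user"] for e in evs}
        fails = sum(e["result"] == "FAIL" for e in evs)
        if len(users) >= min_users and fails / len(evs) >= min_fail_ratio:
            suspects.add(ip)
            hits += [e for e in evs if e["result"] == "OK"]
    return suspects, hits

if __name__ == "__main__":
    suspects, hits = find_stuffing(parse(SAMPLE_LOG))
    for e in hits:
        note = "no second factor on this channel" if e["mfa"] == "none" else e["mfa"]
        print(f'{e["time"]} {e["ip"]} {e["channel"]} {e["user"]}: {note}')
```

A single user who mistypes once and then logs in with a second factor (the `web` lines) is not flagged; only the one-source, many-accounts pattern is.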

SamSpade

Well-Known Member
In this day and age, you'd think there'd be a technology more sophisticated than knowing a password - a technology so old, the ROMANS used it, hence the word itself - a word used to "pass", such as a guard or a gate.

BUT - I get the premise. Many of us have dozens, perhaps even more than a hundred situations where we need to know and remember a password. If they are ALL complex, they'll have to be written down, because no one can remember a hundred complex passwords - especially if they change from time to time - which means the accounts are only as secure as the document they're written on. So I know from experience that many people use passwords that are probably guessable, because it has to be something they can consistently remember.
 

David

> In this day and age, you'd think there'd be a technology more sophisticated than knowing a password

There are:

-- Public Crypto Keys
-- Authenticator Apps like Google Authenticator or Authy
-- Hardware Keys like a YubiKey

Adoption moves slowly because it takes time and money to implement them and then you have to deal with the public, oh my, the public.
 