Skip to Main Content
PCBB Banc Investment Daily July 03, 2017
Banc Investment Daily
July 03, 2017

Sleeping Soundly Around Password Risk

A new study by Penn State researchers finds the sooner babies are put in their own room the longer they will sleep. That's right, babies that didn't sleep in the same bedroom as their parents slept for longer stretches of time (about 45 minutes longer). The information runs counter to recommendations of the American Academy of Pediatrics, who say parents should share a room (but not a bed) with babies for 6 months to 1Y. It is something to think about perhaps but be sure to check with your pediatrician to get professional advice.
In banking, the professionals say many passwords used by your customers are weak at best. In fact, people are pretty lazy when setting passwords because they are forced to memorize them, so they want something easy. That is why no one should be shocked by research from security company SplashData that looked at over 5mm leaked passwords from last year and found some of the lamest ones remain: 123456; password; 121212; password1; qwerty; login' welcome and admin to name a few.
Memorization is tough, but Pew Research finds 65% of Americans still use it for their password management vs. 3% who use password management software. Yet, as hackers get better at cracking passwords, longer passwords are becoming required for many sites, including online banking.
Your customers may also think it is more challenging to remember all the passwords associated with their accounts these days. In fact, 39% of people find it challenging to organize their passwords. This is a problem, as 76% of corporate cyberattacks were related to weak passwords, according to the research. That means customer behavior in this area likely is one key part of increased risk to your bank.
To help educate customers try to get them to use a unique password for each website. It won't be easy though, as a study by Keeper Security finds greater than 80% of adults say that they use the same password over multiple websites. Given that cyber thieves break passwords with alarming speed and ease, the most obvious victims will be the ones that use the same password over many websites. Be sure to pass on the consequences of poor password usage to your customers to raise awareness.
Next, be sure to educate customers that complexity and length are also important. Research finds a supercomputer can crack an 8 digit password in 1.8 seconds and by mixing in lower and upper case letters it takes 7.6 minutes. Using 10 characters that include letters, numbers and symbols boosts the time to 5.3Ys and pushing this to 12 characters would push it out to 38,338Ys.
Besides unique and complex passwords, the basics of password etiquette still need to be reinforced as well. Teach your customers not to share passwords, nor visibly post them, to log off completely from any websites and to change passwords often.
Lastly, make sure any stored and encrypted passwords are secured. This is where hacking happens frequently, as databases are breached, information is stolen and passwords are cracked. Regular updates from your IT team should keep your mind at ease on this front.
Everyone knows that password protection is important. However, it is becoming even more important in today's fast moving, password-breaking world. Now may be the time to review best practices with your customers and employees and communicate the risks thoroughly. Doing so should also help keep your bank and your customers sleeping soundly.