THE IT SECURITY PROFESSIONAL
Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
Many companies that offer banking services do not do everything they can to protect their users' accounts. This lack of support or enhanced capability can leave accounts susceptible to potential attacks. Additionally, banking institutions continue to lack security support for their online portals and account access.

Security Requirements

In banking, much of the focus has been on the bank as a whole and on how it processes user payments. This has left a hole in the security requirements that can allow user data to be accessed or hacked by a dedicated attacker. One example of this lack of security is the limitation on user account password complexity, only allowing the following
Making it a Challenge

When attacking an online portal or a user account, an attacker wants to spend as little time as possible on each account they try to compromise. They are not looking for a challenge and will want the account they attack to be easy to compromise. Not adding additional characters to the mix of those that can be used drastically cuts down the amount of time it takes to crack an account.

Time for Cracking
Depending on the complexity of the password being used, there are some basic time periods within which those passwords can be hacked, given the right circumstances. Here are just a few examples:
Online Portals

Credit card safety starts with the online portal for customer service. These sites have limited security requirements because they are meant as a way for the customer to quickly access their credit card account data. Additional security measures are needed for these specific accounts because of the access they provide to funds, resources, and data on the bank's customer. While functionality on the online portals is needed, sometimes the security measures do not meet the same standards as other areas in the support services of the bank. Enforcement of multi-factor authentication (MFA), which is lacking, is one of the specific solutions that should be in place on all online account access portals. Additionally, time-outs or account verification during additional requests should be enforced to prevent an attacker from gaining additional user account details or funds.

Summary

One glaring problem with banks and other institutions is that they are unwilling or unable to protect their customers' information by simply enabling more complex passwords that use special characters on user accounts. No matter where you use your password, you should feel safe in knowing that the bank or organization that supports the site is doing its best to protect your information. If a bank or other institution is unwilling or unable to provide basic security for your data, then looking for organizations that do should be important to you. Even card brands such as Visa, Mastercard, and American Express fail to support the inclusion of special characters in user passwords (NetSpend/Visa and BlueBird/AmerEx). This one addition to the password complexity equation could mean the difference between being hacked and not. In addition, including just two more characters (10 total) is enough to turn a simple hack into one that is costly in time for attackers to accomplish.
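The arithmetic behind the Summary's two points (allowing special characters, and going from 8 to 10 characters), as an added example that is not part of the original post: it counts the search space for each policy and the worst-case time for an exhaustive search. The guess rate and the 62- and 94-symbol alphabets are assumptions chosen for illustration, not figures from the article or its reference.

```python
import math
import string

# Assumption: offline guess rate in guesses/second (constructed, not from the article).
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

ALPHANUMERIC = len(string.ascii_letters + string.digits)   # 62 symbols
WITH_SPECIALS = ALPHANUMERIC + len(string.punctuation)     # 94 symbols


def keyspace(alphabet_size, length):
    """Count of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Bits of entropy if every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def compare_policies(rate=ASSUMED_GUESSES_PER_SECOND):
    """One row per policy: worst-case exhaustive search and gain over the baseline."""
    policies = [
        ("8 chars, letters+digits", ALPHANUMERIC, 8),    # baseline policy
        ("8 chars, with specials", WITH_SPECIALS, 8),
        ("10 chars, letters+digits", ALPHANUMERIC, 10),
        ("10 chars, with specials", WITH_SPECIALS, 10),
    ]
    baseline = keyspace(ALPHANUMERIC, 8)
    rows = []
    for label, size, length in policies:
        space = keyspace(size, length)
        rows.append({"policy": label,
                     "bits": round(entropy_bits(size, length), 1),
                     "worst_case": humanize(space / rate),
                     "gain": space / baseline})
    return rows


if __name__ == "__main__":
    for row in compare_policies():
        print(f"{row['policy']:<26} {row['bits']:>5} bits  "
              f"{row['worst_case']:>22}  x{row['gain']:,.1f}")
```

The gain column does not depend on the assumed guess rate: at 8 characters, allowing special characters multiplies the search space by about 28, while two extra characters multiply it by 3,844. These figures apply to randomly chosen passwords; passwords built from common words or patterns fall to guessing far sooner.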
Reference: https://thycotic.force.com/support/s/article/Calculating-Password-Complexity for the times taken in order to crack the passwords.
IT Security Pro
Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.