Sure, you could drive down to your local bank branch to deposit a check or make a money transfer, but why would you when online banking is as close as your smartphone? With just a few taps you can check your balance, transfer money, or photograph a check to deposit it. But just how secure is your online banking service?
While all the information sent between you and your bank is securely encrypted, not all banks are following the best security practices when it comes to how you log on—and some even neglect the basics. The first, and easiest, defense against getting your banking information stolen is to have a complex password (something that's more difficult to guess than "123456789"). Adding numbers and capital letters to your password makes it more complex and harder for others to guess or crack.
Yet a new study by the University of New Haven's Cyber Forensics Research and Education Group claims that some major banks don't allow strong passwords because their systems ignore uppercase letters. In researching 17 major banks in the US, the group found six—that's 35%—ignore case sensitivity in passwords. While passwords are only part of a secure system, you would expect your bank to use the highest security possible in order to protect your hard-earned cash.
The banks in question serve over 350 million customers; everyone who banks with BB&T Bank, Capitol One, Chase Bank, Citibank, Webster First Federal Credit Union and Wells Fargo is using a less secure password.
So what should you do to keep your banking information secure if your bank doesn't support strong passwords? Beyond creating the strongest password you can, using a combination of letters and numbers—and avoiding easy to guess combinations like words and birthdays—many banks allow you to turn on two-factor authentication.
Two-factor authentication requires you to use an additional code on top of your username and password. After you enter your login information, you'll be sent an additional code—usually in a text to your cell phone—which you can only use once. This means that even if someone manages to get your password, they'd also need to have access to your phone in order to access your account. A hacker who steals your password won’t also have access to your phone, while someone who steals your phone won’t know your password. (And you have your phone locked down with a password of its own, right?) Either way, your banking account is safe.
Of the banks listed above, Chase, Citibank, and Wells Fargo support two-factor authentication, and we'd strongly recommend turning it on.
Image Credit: sticky note showing password via Shutterstock