Passwords are not dead and won't be for some years, according to a new report from Javelin Strategy + Research, "In Search of a Better Password Policy."

Hackers have gotten highly skilled at cracking passwords. Financial institutions and their customers and members need to take steps to toughen password security, and there are easy ones within reach.

Al Pascual, director of fraud and security at Javelin in Pleasanton, Calif., told CU Times that credit unions waiting for the password problem to be solved by ceasing to use passwords are delusional.

"Passwords are a fact of life," Pascual said. "They will be with us for at least five to 10 more years, perhaps longer. The status quo stinks but we will be stuck with passwords for a long time."

Pascual also said that many institutions have approached the job of tightening password security in ways that are nearly certain to produce counterproductive results.

For instance, policies requiring a set of long passwords with special characters can lead consumers to write them down, which can create a security lapse, he explained.

Pascual said there are easy steps that can bring good results.

"Blacklist certain passwords," he recommended.

These are over-used passwords such as "Password123" or "MyPassword."

The reason is that the password-cracking tools hackers use know all the common passwords and are programmed to try them. A simple blacklist solves that.

Pascual also suggested enforcing mandatory password updates. High-security institutions, including some credit unions, require employees to change passwords every 30 or 90 days.

He said that timeframe is probably too frequent for consumers, but a required change, even once a year, will dramatically reduce the utility of old passwords gathered up by criminals in database hacks.

"Do just those two things and financial institutions will eliminate a lot of the risk around passwords," Pascual said.

He also recommended credit unions encourage members to use password managers. There are many popular apps for Apple and Android phones and tablets that will stop consumers from writing down passwords on sheets of paper.

© Touchpoint Markets, All Rights Reserved.