A study of 17 major US banks shows that six of them have weak password handling and that their password procedures are weaker than most social websites.
The six banks, 35 percent of the test group, appear to have a significant weakness in their password policy: ignoring case sensitivity, a study by the University of New Haven Cyber Forensic Research and Education Group (UNHcFREG) showed.
The banks ask users to set up passwords that include letters and special symbols, but the study shows the passwords may not be case sensitive. This means any combination of upper and lower case letters might work and the passwords may not be reliable.
“We were very surprised when we learned that banks have fewer requirements for passwords than social media sites,” said Walter Gordillom a cyber systems major who took a lead on the UNHcFREG project.
