Secure Online Banking
Online banking is considered one of the most critical online services, and users expect the highest security standard from it.
Most online banking websites provide access to bank accounts over a secure HTTPS connection, with authentication based on:
- User Id: name, alias or email address
- Password: string of alphanumeric and special characters chosen by the user and known only to the user. Its complexity and length determine the overall security of the account.
- Security question: designed to further verify the identity of the user attempting to sign in
When the user enters an incorrect User Id or password, or gives a wrong answer to the security question, permission to access the bank account is denied.
To enhance security, many websites allow only a certain number of attempts before access is blocked for the given User Id.
That seems to be a reasonable precaution, but it is one that can cause trouble. If the user makes a mistake and the account gets blocked,
it is always possible to unblock access by calling the bank, accessing a special web link received via email and answering security questions,
but this does not solve one other problem: intentional blocking of a user's account. Anybody can guess your User Id by collecting information
from websites, social networks, user forums etc. It is very easy to try a name or email address as the User Id.
Example: let's try bankofamerica.com and user name Barack Obama, or specifically barackobama.
It doesn't really matter what we enter as the password or what answer we give to the security question. All the bad guy needs to do is enter anything that makes the website reject the authentication request.
Note: I think we can be pretty sure that the President doesn't use this account, it would be too easy to block access to his financial resources.
After an incorrect answer to the security question or an incorrect password is entered multiple times, the website blocks the account.
As mentioned before, you can always unblock your account, but having online access to your bank account blocked by another person is inconvenient at the least.
If you are on a business trip or vacation and you are unable to unlock your account, that may be a problem.
We recommend you choose a User Id which cannot be guessed by a potential hacker/attacker and which resembles a password more than a user name.
It may be difficult to remember, but that's where the Guarded Key password manager comes to the rescue.
Setup Guarded Key password manager for more secure online banking
Choose unpredictable User Id
- do NOT use your name or email as User Id.
Select a different User Id for each bank, if you have accounts in more than one financial institution.
Example: instead of "johndoe", use "John53$Doe871". In fact, your name does not have to be part of the User Id, for example "Hjb7450okHDu".
Use auto-generated password
- password generated by Guarded Key is strong and not predictable.
You can choose alphanumeric + special characters or alphanumeric characters only.
This depends on what characters are supported by the website.
Set password length to 12 characters or more
- password length determines the number of combinations required when trying to break into the system.
For online banking we recommend 15 - 20 characters if you want to increase the security of your online banking.
You can select an even longer password, because when using a password manager you don't have to remember it.
Select a different password for each bank, if you have accounts in more than one financial institution.
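The setup steps above, sketched as an added Python example (this is not Guarded Key's code): it draws a separate random User Id and password for each bank from the operating system's CSPRNG and reports the size of the search space for the recommended lengths. The function names, the `SPECIAL` character set and the `.example` bank names are assumptions made for illustration.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits
# Constructed set of special characters; adjust to what the bank's website accepts.
SPECIAL = "!#$%&*+-=?@_"


def generate_secret(length, use_special=True):
    """Return a random string containing at least one character of every class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if use_special:
        classes.append(SPECIAL)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: accepted strings stay uniformly distributed.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def search_space_bits(length, use_special=True):
    """Upper bound on guessing work in bits: log2(alphabet_size ** length)."""
    size = len(ALNUM) + (len(SPECIAL) if use_special else 0)
    return length * math.log2(size)


def credentials_for(banks, id_length=12, password_length=20):
    """One unpredictable User Id and one password per bank, never reused."""
    return {
        bank: {
            "user_id": generate_secret(id_length, use_special=False),
            "password": generate_secret(password_length, use_special=True),
        }
        for bank in banks
    }


if __name__ == "__main__":
    for bank, c in credentials_for(["bank-a.example", "bank-b.example"]).items():
        print(bank, c["user_id"], c["password"])
    for n in (12, 15, 20):
        print(n, round(search_space_bits(n, False), 1), round(search_space_bits(n), 1))
```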
Another issue is the possibility of HTTPS cryptanalysis, when a hacker/attacker captures network communication and
later tries to decipher it to find your password. This can only be prevented by the use of a security token,
dynamically generated for each session. However, this feature has to be supported by the online banking website.
Read more about Guarded Key Cryptographic Security Token.
Copyright (C) 2011-2016 Robert Janik, Brno, Czech Republic