Action required: Your passwords are expiring

With the notable exception of hackers and thieves, no one likes passwords. Creating and managing unique, secure, complex passwords across multiple systems can be a nightmare, which can make password resets as common for many users as remembering and entering the correct credentials.

Password managers have become such a recognized need that modern web browsers now include them by default. But not everyone uses them, and they carry their own risks due to malicious browser extensions and other malware. Users' attempts to simplify password management, such as using the same user ID and password for everything or leaving credentials plainly visible, perhaps on a Post-it note stuck to the side of a monitor, carry enormous risk.

Bad password hygiene is one of the largest contributors to account takeover (ATO) and data breaches. According to Verizon’s 2022 Data Breach Investigations Report, almost half of data breaches involve stolen credentials. Multifactor Authentication (MFA) helps prevent ATO, but the common MFA methods have increasingly also been the targets of bad actors, and bespoke tools to defeat MFA can be purchased cheaply. Big Tech is already building a passwordless future and bank IT leaders are eager to join in.

The technology is readily available and affordable. The question is: why aren’t banks being more aggressive?

 
