
The Risk of Weak Online Banking Passwords

tag
iv
Valued Contributor


2-Factor Auth doesn't protect your accounts... if the banks allow it to be bypassed.

 

From Krebs on Security: https://krebsonsecurity.com/2019/08/the-risk-of-weak-online-banking-passwords/

 

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online.

[...]

A number of banks that do offer customers multi-factor authentication — such as a one-time code sent via text message or an app — have chosen to allow these aggregators the ability to view balances and recent transactions without requiring that the aggregator service supply that second factor.

[...]

But beyond targeting customers for outright account takeovers, the data available via financial aggregators enables a far more insidious type of fraud: The ability to link the target’s bank account(s) to other accounts that the attackers control.

That’s because PayPal, Zelle, and a number of other pure-play online financial institutions allow customers to link accounts by verifying the value of microdeposits. For example, if you wish to be able to transfer funds between PayPal and a bank account, the company will first send a couple of tiny deposits — a few cents, usually — to the account you wish to link. Only after verifying those exact amounts will the account-linking request be granted.

[...]

 

EQ8:850 TU8:850 EX8:850
EQ9:847 TU9:847 EX9:839
EQ5:797 TU4:807 EX2:813 - 2021-06-06
Message 1 of 2
Anonymous
Not applicable

Re: The Risk of Weak Online Banking Passwords

I always upvote Krebs.

 

Everyone should also check out the article above that one titled "Who Owns Your Wireless Service? Crooks Do".

 

Relying on SMS for 2-factor authentication has been dangerous for a long time. It's much better to use an authenticator app on the phone, if the bank offers that option.

Message 2 of 2