cancel
Showing results for 
Search instead for 
Did you mean: 

The Risk of Weak Online Banking Passwords

Estimate your FICO® Score range for free

FICO® Score Estimator

Auto Loans for ANY Credit Situation. Immediate Response.
Advertiser disclosure
Established Contributor

The Risk of Weak Online Banking Passwords

2-Factor Auth doesn't protect your accounts... if the banks allow it to be bypassed.

 

From Krebs on Security: https://krebsonsecurity.com/2019/08/the-risk-of-weak-online-banking-passwords/

 

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online.

[...]

A number of banks that do offer customers multi-factor authentication — such as a one-time code sent via text message or an app — have chosen to allow these aggregators the ability to view balances and recent transactions without requiring that the aggregator service supply that second factor.

[...]

But beyond targeting customers for outright account takeovers, the data available via financial aggregators enables a far more insidious type of fraud: The ability to link the target’s bank account(s) to other accounts that the attackers control.

That’s because PayPal, Zelle, and a number of other pure-play online financial institutions allow customers to link accounts by verifying the value of microdeposits. For example, if you wish to be able to transfer funds between PayPal and a bank account, the company will first send a couple of tiny deposits  — a few cents, usually — to the account you wish to link. Only after verifying those exact amounts will the account-linking request be granted.

[...]

 

EQ8:850 TU8:849 EX8:847
EQ9:850 TU9:848 EX9:850
EQ5:809 TU4:791 EX2:806 - 2019-08-15
Message 1 of 2
1 REPLY 1
Frequent Contributor

Re: The Risk of Weak Online Banking Passwords

I always upvote Krebs.

 

Everyone should also check out the article above that one titled "Who Owns Your Wireless Service? Crooks Do".

 

Relying on SMS for 2-factor authentication has been dangerous for a long time. It's much better to use an authenticator app on the phone, if the bank offers that option.

27 FICO Scores + 3 VS3. MTG (Mortgage), AUT (Auto), and BKC (Bankcard) are scores 5,4, and 2 from the top.
Message 2 of 2
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.