Password strength


#1

It is astonishing that my online banking, which should be the most secure of all my online activities, will not allow me to select a strong password. The password restrictions (maximum 8 characters with letters and numbers only) are a joke when it comes to security. My password is as strong as it can be, given the restrictions, but even Facebook tells me its strength is “medium” if I try to use that password on their site.


#2

This was something that interested me at the time - and the main reason as to why I chose to have Netguard on my BNZ account.

Also, some may find this link useful (as well as funny) - https://xkcd.com/936/


#3

Hi @gmandeno and @Mitglied,

Stronger passwords are on the radar and coming in the future.

However, rest assured, your banking is secure. After four incorrect password attempts you will get locked out. There are currently over 200 trillion password combinations a customer can select from. So, the chances of someone guessing your password in four attempts are incredibly slim.

We also use second factor authentication, for all online banking, to give an even higher level of security.

Cheers,
Eric


#4

This change suggested is similar to the same concern expressed mid 2015 by “kaybos?”.

I looked at Internet Banking Help today (17 Nov 2016) and whilst it tells one how to reset their password and suggests methodology, there is no mention of permitted length. This suggests that the 8 digit restriction has not been addressed.
Neil


#5

Hi @NeilF784,

You’re correct, the password rules have not changed. We are working on a project that will address this. The 8 character limit will be increased in the first half of next year, along with some other login enhancements.

Cheers,
Eric


#6

Hello @Eric,
I am attending a FINSIA seminar Thursday 2nd March and would like to have an update on the strengthening password programme.


#7

Hi Neil,

This is part of a larger Single Sign-on project, we are working on it now, however it is a big piece of work. Will be delivered this year.

Cheers,
Eric


#8

What happened to this project? When will we be able to use passwords that we want to use?


#9

Yes - good question, James - it seems that “first half of next year” became “later this year” and has now become “last year”.

Cheers, Graham


#10

Hi @gmandeno,

Sorry, it has taken longer than we would have liked, but the delivery is now weeks away.

Cheers,
Eric


#11

Hi @gmandeno,

I’m very happy to let you know that longer passwords are here!

Cheers,
Eric


#12

Woohoo! Thanks, Eric. My banking password is now stronger than my Facebook one :slight_smile:


#13

I agree it is longer but I highly doubt it is stronger than Facebook. They utilise many techniques to find who you are. Whereas BNZ uses a grid (or device), and your password (pin).

Now the question is do we really need passwords?
Or we need better algorithms?

In any case, SSO for banking: NoNoNo