FNB has quickly backtracked on blocking password managers - after its customers installed software to circumvent the ban

fnb

• FNB backtracked on its ban of password managers. 
• This after consumers voiced their frustration with the ban, and were locked out of their accounts. 
• Cybersecurity experts said the ban went against industry best practices, as it forced consumers to adopt passwords they find easier to remember.  
• For more stories go to www.businessinsider.co.za.

First Nation Bank (FNB) will again allow consumers to use password managers after banning its use last week due to security concerns. 

This after hundreds of consumers turned to social media to voice their frustration with the new rules, which resulted in several consumers being locked out of their accounts. 

The move also received widespread criticism from cybersecurity experts, including acclaimed Australian web security expert Troy Hunt. 

Password managers help to create randomised passwords for websites, while users only have to remember one master password. 

FNB head of Digital Banking Giuseppe Virgillito said the bank noted with concern the online recommendations to install software to circumvent the ban on auto-filling of passwords. 

“The use of this type of software for your banking is strongly discouraged as it places the user at a high risk of introducing malicious software onto their device,” Virgillito said. 

“As a consequence, hereof, we have decided to revisit the decision to prevent auto-filling of passwords at this time.” 

Hunt said FNB took an “absolutely ridiculous” position with its ban on password managers which goes against industry best practice. 

“Password managers enable users to achieve two fundamentally important password objectives, strength and uniqueness, because passwords can be generated as random strings of text,” Hunt told Business Insider South Africa. 

Also read: How the new Discovery Bank’s prices compare to Absa, Standard Bank, Nedbank, and FNB

FNB’s Virgillito said they found a number of their customers save their banking passwords to their browsers which places them at risk when devices are stolen or left unattended. 

“Customers need to be aware that should their device be stolen or accessed without their permission, a user who gains access to their cloud storage or password saved on the device will be able to login to their banking and perform transactions,” Virgillito said. 

Cape Peninsula University of Technology (CPUT) lecturer Nyx McLean said a block on password managers may force users to opt for simpler passwords to better recall them. 

“Clients may also then store their passwords the way they did before password managers – on scraps of paper, on their computers, or on their mobile device’s notes app,” McLean told Business Insider South Africa. 

“The risks don’t seem worth this move, and they may have overall negative consequences for the brand’s reputation.” 

Receive a daily email with all our latest news: click here.

Also from Business Insider South Africa:

• Capitec has been preparing for the new debt bill: Only a fraction of its loans are to people who earn less than R7,500.
• Local ambulances can now use three random words to get within three metres of you – here’s how to find your code
• There was a voting bungle at Virgin Active's owner - it made billionaire Christo Wiese seem less unpopular than he actually is
• Exporting rabbit meat could mean big bucks for small SA farmers. Here's advice on how to get started.
• Municipalities will be required to ‘map’ off-grid electricity users for a national database under new draft rules