- FNB backtracked on its ban of password managers.
- This after consumers voiced their frustration with the ban, and were locked out of their accounts.
- Cybersecurity experts said the ban went against industry best practices, as it forced consumers to adopt passwords they find easier to remember.
- For more stories go to www.businessinsider.co.za.
First Nation Bank (FNB) will again allow consumers to use password managers after banning its use last week due to security concerns.
This after hundreds of consumers turned to social media to voice their frustration with the new rules, which resulted in several consumers being locked out of their accounts.
So @FNBSA new password requirements means my accounting software (@Xero) cannot automatically get bank feeds anymore.
— Ruan van der Walt (@Roovdwalt) August 20, 2019
FNB is making it difficult to run my business now.@Rbjacobs pic.twitter.com/NPPTqiEI3u
Hello there, While the Bank appreciates the useful role that password managers play and accept that you can make use of this for your other apps and systems, we caution you against the use of a password manager for your banking.
— RbJacobs (@Rbjacobs) August 19, 2019
The move also received widespread criticism from cybersecurity experts, including acclaimed Australian web security expert Troy Hunt.
Uh, South Africa, what’s going on over there?! https://t.co/fRvvKHJbhJ
— Troy Hunt (@troyhunt) August 19, 2019
Password managers help to create randomised passwords for websites, while users only have to remember one master password.
If you guys want to get around the password manager block for the @FNBSA website, use an adblocker to block pilot.js. The script literally detects if you've pasted something into the fields and then displays the warning and clears the field. If you're serious, FNB, use TFA
— Grant Visser (@ICantSeeSharp) August 20, 2019
Don't worry fella, I circumvented FNB's stupidity by using the browser extension for my password manager (most have one). 1Password desktop is also able to simulate keystrokes, but I've never needed it for web pages.
— Jonathan C Dickinson ????? (@jcdickinson) August 20, 2019
FNB head of Digital Banking Giuseppe Virgillito said the bank noted with concern the online recommendations to install software to circumvent the ban on auto-filling of passwords.
“The use of this type of software for your banking is strongly discouraged as it places the user at a high risk of introducing malicious software onto their device,” Virgillito said.
“As a consequence, hereof, we have decided to revisit the decision to prevent auto-filling of passwords at this time.”
Hunt said FNB took an “absolutely ridiculous” position with its ban on password managers which goes against industry best practice.
“Password managers enable users to achieve two fundamentally important password objectives, strength and uniqueness, because passwords can be generated as random strings of text,” Hunt told Business Insider South Africa.
Also read: How the new Discovery Bank’s prices compare to Absa, Standard Bank, Nedbank, and FNB
FNB’s Virgillito said they found a number of their customers save their banking passwords to their browsers which places them at risk when devices are stolen or left unattended.
“Customers need to be aware that should their device be stolen or accessed without their permission, a user who gains access to their cloud storage or password saved on the device will be able to login to their banking and perform transactions,” Virgillito said.
Cape Peninsula University of Technology (CPUT) lecturer Nyx McLean said a block on password managers may force users to opt for simpler passwords to better recall them.
“Clients may also then store their passwords the way they did before password managers – on scraps of paper, on their computers, or on their mobile device’s notes app,” McLean told Business Insider South Africa.
“The risks don’t seem worth this move, and they may have overall negative consequences for the brand’s reputation.”
Receive a daily email with all our latest news: click here.
Also from Business Insider South Africa:
- Capitec has been preparing for the new debt bill: Only a fraction of its loans are to people who earn less than R7,500.
- Local ambulances can now use three random words to get within three metres of you – here’s how to find your code
- There was a voting bungle at Virgin Active's owner - it made billionaire Christo Wiese seem less unpopular than he actually is
- Exporting rabbit meat could mean big bucks for small SA farmers. Here's advice on how to get started.
- Municipalities will be required to ‘map’ off-grid electricity users for a national database under new draft rules