UK banks use poor authentication and web security


Many UK banks have adopted text/SMS-based one-time codes to comply with the EU Payment Services Directive (PSD2). Unfortunately, this happened at a time when the cybersecurity industry was moving away from this type of multi-factor authentication due to SIM card swapping and other weaknesses. Therefore, getting a bad security review is not really surprising. What’s surprising is how many people think it’s okay to completely ignore password security and pin their hopes on multi-factor authentication when weak passwords are used as one of these factors. This effectively reduces multi-factor authentication to a single factor.

Contrary to perception, passwords can be used relatively securely, so if they are used, they should be kept safe – or they should not be used at all. The reality is that a “complex” password is not a “secure” password: just because it has a number and an exclamation point doesn’t mean it hasn’t been phished, leaked online, or reused 10,000 times, and that’s where the real-world problems arise. These risks can be mitigated but usually are not.
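To make the "complex is not secure" point concrete, the sketch below is an added example, not code from the original article. It compares a typical composition rule with a lookup against leaked passwords. The corpus, its counts and all function names are constructed for illustration; a real deployment would screen against a full breach data set.

```python
import hashlib
import re

# Constructed breach corpus: password -> times seen in leaks (illustrative values).
_CONSTRUCTED_LEAKS = {"Password1!": 10000, "Summer2023!": 412, "qwerty123": 9000}


def _digest(password: str) -> str:
    # SHA-1 is used here only as a lookup key, the convention of common
    # breach-screening services. It is not a way to store user passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Keep only digests, so the screening index never holds the plaintext list.
BREACH_INDEX = {_digest(p): n for p, n in _CONSTRUCTED_LEAKS.items()}


def meets_complexity(password: str) -> bool:
    """Typical composition rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"\d", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def breach_count(password: str) -> int:
    """How many times the constructed corpus has seen this exact password."""
    return BREACH_INDEX.get(_digest(password), 0)


def assess(password: str) -> dict:
    """Report both checks; acceptance depends on length and breach status only."""
    seen = breach_count(password)
    return {"meets_complexity": meets_complexity(password),
            "breach_count": seen,
            "accept": len(password) >= 8 and seen == 0}


if __name__ == "__main__":
    for candidate in ["Password1!", "Summer2023!", "violet tram ledger canyon"]:
        print(candidate, assess(candidate))
```

"Password1!" passes the composition rule yet is rejected because it appears in the leak data, while the long passphrase fails the composition rule but is not known to be compromised.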
