One would think that with data as sensitive as our personal finance, the banking industry would want to hold our log-in credentials to high standards. I would expect when I access my personal bank account, I would be required to have a longer password and multiple character sets. To test this theory, I went to the password requirements page of five well known banks. To my surprise, here are the results:
The password requirements are so relaxed that the following passwords would be allowed at each bank:
JPMorgan Chase: Mychildsname
Bank of America: letmein1
Wells Fargo: Abc123
BB&T: Summer2015
US Bank: Password1
Hackers have numerous tools readily available to hack passwords. With the simplicity of the previously mentioned password requirements, all of these passwords can be hacked by just the means of guessing!
This should pose a question in the mind of many consumers – “If the banking and finance industry is allowing bare minimum password requirements for users to access their personal data, what type of password policy are they allowing for their employees?”