Can you use a password manager for internet banking?

/in


Recently, there was a discussion thread on LinkedIn suggesting you can’t use a password manager for internet banking. Why exactly wasn’t quite clear, but it seemed to be an interpretation of “memorising” the passphrase versus writing it down.

This seemed odd, as password managers are everywhere, from web browsers to standalone apps, and built into operating systems. Security researchers recommend using password managers, and to be honest, with the ever-growing number of logins for services and apps, how could anyone survive without one? 

Furthermore, how would a bank know that you’re using a password manager?

It is an important point to clarify though, so I asked ASB. A spokesperson for the bank sent this response:

Under ASB’s Terms and Conditions, our customers must take responsibility for and protect their personal information and Security Credentials, such as PINs, log-in and password details. 

Security Credentials should remain confidential to each customer and should be memorised, must not be written down or disclosed to anyone else. If a customer suspects their Security Credentials have been disclosed to another person, this must be reported as soon as the customer is aware or suspects the information has been compromised.

CERT NZ recommends using a password manager to keep data safe and protect passwords. We are supportive of using reputable password managers that encrypt data, alongside the other safety measures outlined by CERT NZ.

That’s commonsense from both ASB and the government Computer Emergency Response Team (CERT).

If your bank grinds its gears over password manager use, it’s a sign they haven’t kept up with the times and should rethink their opposition to a tool that can enhance customer security.

How do password managers enhance security then? Any sensible service provider will set a password policy for access that requires a reasonably complex “Open Sesame” phrase that’s difficult to guess, or crack as information security pros call it. If they don’t, go somewhere else.

Now, if you want to make it harder for miscreants to guess your password, take a look at the below table:

As a related aside, a properly configured access system will slam…

Source…