UK Banks Using Poor Authentication And Web Security

Some UK banks are reportedly letting their customers down with poor authentication and web security, according to a consumer rights group. Which? once again teamed up with independent security consultants 6point6 to appraise the “front-end” security of 15 current account providers. The assessment looked at four criteria: encryption and protection, login, account management and navigation.

Expert Comments

January 14, 2022
Steven Hope
CEO and co-founder
Authlogics

Many UK banks adopted TEXT/SMS-based One-Time-Codes as a way to comply with the EU Payments Services Directive (PSD2). Unfortunately, this happened at a time when the cyber security industry was moving away from this type of multi-factor authentication due to SIM swapping and other weaknesses, so getting a poor security review is not really surprising. What is surprising is how many people think that it is OK to completely ignore password security and pin their hopes on multi-factor authentication when weak passwords are used as one of those factors. That effectively reduces multi-factor back down to single-factor.

Contrary to perception, passwords can be used in a relatively secure way, so if they are used they should be kept secure, or they should not be used at all. The reality is that a “complex” password is not a “secure” password; just because it has a number and an exclamation mark doesn’t mean it hasn’t been phished, leaked online or reused 10,000 times, which is where the real-world problems arise. These risks can be mitigated but typically aren’t.
