What password-length do you use for online banking?

Discussion in 'polls' started by wantsprotection, Jun 23, 2007.

?

What password-length do you use for online banking?

  1. 5 or fewer characters

    1 vote(s)
    3.8%
  2. 6 characters

    1 vote(s)
    3.8%
  3. 7 characters

    1 vote(s)
    3.8%
  4. 8 characters

    4 vote(s)
    15.4%
  5. 9 characters

    3 vote(s)
    11.5%
  6. 10 characters

    3 vote(s)
    11.5%
  7. 11 characters

    1 vote(s)
    3.8%
  8. 12 characters

    2 vote(s)
    7.7%
  9. 13 characters

    0 vote(s)
    0.0%
  10. 14 characters

    0 vote(s)
    0.0%
  11. 15 or more characters

    0 vote(s)
    0.0%
  12. As many characters as each site allows.

    10 vote(s)
    38.5%
Thread Status:
Not open for further replies.
  1. wantsprotection

    wantsprotection Registered Member

    Joined:
    Jun 12, 2007
    Posts:
    35
    What password-length do you use for online banking? I turned off public polling, so your answer can't be used against you by hackers.
     
  2. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
  3. MR X

    MR X Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    15
    i try to use charcters like this if possible "¶¥ŒŘЩᄣ‡≥₩⊙";)
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,

    I use something between 6-12, depending on the mood. Voted 8.

    BTW, how can 'hackers' use this info against people:

    1. They do not know the posters' IP - which can be anything. For example, I am posting this from my work place, with traffic filtered via Netherlands and England etc. And only some 300,000 workers worldwide... uh oh.
    2. They do not know where they live, who they are or what their bank is.
    3. They do not know the account or the password itself.
    4. Usually bank account include an extra in identification, like PIN, ID etc.
    5. Localized languages and interfaces.

    Mrk
     
  5. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I have a card reader and certificate so I only have my in code for my visa card (4 digits)
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Here in sweden the bank that I use have been attacked several times by phishing. They made a fake site so they could get the one time only codes the bank use.
    As a customer you have a option to buy a card reader ($15) and log in with your bank card (and a certificate issued by the bank) or you can use one time only codes issued by the bank.
    But not many has bought the card reader and it is some of those that has made them selves victims by clicking on a link that goes to the fake site. It was amazing that people fell for it because the spelling in the mail (saying "you have to log in to your account because of whatever") was really bad, made by some low budget translation software.
    I believe the bad guys who did this was in Russia, Ukraine or some other former soviet state.
    And some attacks where done by some kind of trojans so the bank gave every customer a free AV (Norman Virus Control)

    Good for me, I got me a free AV, but the easiest and wisest thing would´ve been to give everyone a card reader and dump the codes.
     
  7. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I use Keepass's Password safe's Random password generator and the maxamum length the site allows.
     
  8. EASTER.2010

    EASTER.2010 Guest

    Same here.
     
  9. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    One issue is that some sites (bank included) often force you to use a shorter length password then you might prefer. Some also do not allow characters other than a-z (upper and lower case) and 0-9.

    May want to take a look at: SuperGenPass.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    sukarof, you say some people fell for 'phishing' - basically, like someone telling you that a basketball painted green is a watermelon. Well ...
    Mrk
     
  11. wantsprotection

    wantsprotection Registered Member

    Joined:
    Jun 12, 2007
    Posts:
    35
    Mrkvonic, I'm glad you pointed that out. Even if you were to identify your username and the bank where you have a 6-character password I'm not sure that would greatly increase your chances of being hacked!

    What are some likely ways someone would steal from your account?

    1. By installing a keylogger on your computer.
    2. By searching your hard drive for account details.
    3. You used the same or a similar password elsewhere.
    4. By phishing (e-mail, snail mail, phone)
    5. By abusing your trust (partner, family).
    6. By abusing their power as a bank employee.
    7. By stealing your debit card details after you use it online.
    8. By stealing your debit card.
    9. By eavesdropping (e-mail, snail mail, phone)

    An online password cracking attempt seems unlikely. Even a 6-character alphanumeric password has 56,800,235,584 possibilities, and most banks will lock out your account if there are many failed password attempts.

    What if someone trusted by the bank stole the password hashes? Because of this possibility, I use 10+ characters for passwords on any site that has access to my monies. A 6-character alphanumeric password can be brute-force cracked in under an hour with a good laptop and faster with a concerted attack. Why expose yourself to such threats when you don't have to?

    I like RoboForm2Go because it protects you from keyloggers and phishing, and makes it easy to use a maximum-length password. Of course, common sense plays a big role, too! Since I'm not an expert at this, I'm really curious what others think about securing their online bank accounts.
     
    Last edited: Jun 24, 2007
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    An analysis report by Kaspersky Labs on keyloggers has this introduction, which is a timely warning for us all to be vigilant and be aware of what we are doing on the 'net:
     
  13. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    9 characters
     
Loading...
Thread Status:
Not open for further replies.