What password-length do you use for online banking?

What password-length do you use for online banking? I turned off public polling, so your answer can't be used against you by hackers.

 

I rely on Microsoft's password strength checker:

http://www.microsoft.com/protect/yourself/password/checker.mspx

 

i try to use charcters like this if possible "¶¥ŒŘЩᄣ‡≥￦⊙"

 

Hello,

I use something between 6-12, depending on the mood. Voted 8.

BTW, how can 'hackers' use this info against people:

1. They do not know the posters' IP - which can be anything. For example, I am posting this from my work place, with traffic filtered via Netherlands and England etc. And only some 300,000 workers worldwide... uh oh.
2. They do not know where they live, who they are or what their bank is.
3. They do not know the account or the password itself.
4. Usually bank account include an extra in identification, like PIN, ID etc.
5. Localized languages and interfaces.

Mrk

 

I have a card reader and certificate so I only have my in code for my visa card (4 digits)

 

Here in sweden the bank that I use have been attacked several times by phishing. They made a fake site so they could get the one time only codes the bank use.
As a customer you have a option to buy a card reader ($15) and log in with your bank card (and a certificate issued by the bank) or you can use one time only codes issued by the bank.
But not many has bought the card reader and it is some of those that has made them selves victims by clicking on a link that goes to the fake site. It was amazing that people fell for it because the spelling in the mail (saying "you have to log in to your account because of whatever") was really bad, made by some low budget translation software.
I believe the bad guys who did this was in Russia, Ukraine or some other former soviet state.
And some attacks where done by some kind of trojans so the bank gave every customer a free AV (Norman Virus Control)

Good for me, I got me a free AV, but the easiest and wisest thing would´ve been to give everyone a card reader and dump the codes.

 

I use Keepass's Password safe's Random password generator and the maxamum length the site allows.

 

Same here.

 

One issue is that some sites (bank included) often force you to use a shorter length password then you might prefer. Some also do not allow characters other than a-z (upper and lower case) and 0-9.

May want to take a look at: SuperGenPass.

 

Hello,
sukarof, you say some people fell for 'phishing' - basically, like someone telling you that a basketball painted green is a watermelon. Well ...
Mrk

 

Mrkvonic, I'm glad you pointed that out. Even if you were to identify your username and the bank where you have a 6-character password I'm not sure that would greatly increase your chances of being hacked!

What are some likely ways someone would steal from your account?

1. By installing a keylogger on your computer.
2. By searching your hard drive for account details.
3. You used the same or a similar password elsewhere.
4. By phishing (e-mail, snail mail, phone)
5. By abusing your trust (partner, family).
6. By abusing their power as a bank employee.
7. By stealing your debit card details after you use it online.
8. By stealing your debit card.
9. By eavesdropping (e-mail, snail mail, phone)

An online password cracking attempt seems unlikely. Even a 6-character alphanumeric password has 56,800,235,584 possibilities, and most banks will lock out your account if there are many failed password attempts.

What if someone trusted by the bank stole the password hashes? Because of this possibility, I use 10+ characters for passwords on any site that has access to my monies. A 6-character alphanumeric password can be brute-force cracked in under an hour with a good laptop and faster with a concerted attack. Why expose yourself to such threats when you don't have to?

I like RoboForm2Go because it protects you from keyloggers and phishing, and makes it easy to use a maximum-length password. Of course, common sense plays a big role, too! Since I'm not an expert at this, I'm really curious what others think about securing their online bank accounts.

 

An analysis report by Kaspersky Labs on keyloggers has this introduction, which is a timely warning for us all to be vigilant and be aware of what we are doing on the 'net:

 

9 characters