Is It Safe To Generate a Password For Your Online Banking Account Using a Password Manager?

A few months ago we had a feature about the worst passwords you could use. We believe that users are more or less aware of the importance of a good password because it is used to protect their information from third-party access. However, it is very likely that there are still more users who use weak passwords as opposed to those who employ a password generator to help them come up with strong passwords. Using a password generator is always a good idea because it would save you the trouble of dealing with a ton of complicated information on your own.

Can I Use a Password Generator for My Banking Account?

On the other hand, even if users choose to use a password generator, they might encounter certain situations where utilization of such tool may not be welcome. And we are talking about online banking accounts here. Of course, if you have an online banking account, you know that there are several levels of security before you access your account. And sometimes the passwords you are required to use to protect those accounts can be really complicated. So why not use a password manager?

Well, for starters, there might be certain legal and security issues related to this question. As far as the legal issues are concerned, we have to remember that most of the banks explicitly state that you CANNOT store your banking passwords on your computer. That can actually be one of the clauses in your online banking service agreement. So, if you experience an online theft and later on your bank officials find out that you had your passwords saved in a file on your computer, you may not be entitled to the compensation.

And here we might ask: If I use a password generator, does this count as writing down the password? Well, that depends on your bank’s policies. If the use of a password generator is not mentioned in the clauses of your agreement, you may argue that it is within limits, and you are not going against any policy. What’s more, depending on the type of the password manager that you use, the generated passwords might be stored on a cloud drive, as opposed to your computer. Thus, this could be considered satisfactory by your bank’s security standards.

Points of the Password Manager Use for Individuals

There are certain factors that every individual should consider before they start using a password manager. The National Cyber Security Centre in the UK provides information on those points. For users who care concerned about the security aspects of any password generator, the NCSC says that in general, it is OK to use them because they save a lot of trouble. If you have too many passwords, a reliable password manager like Cyclonis will help you store and manage them without much difficulty.

Instead of carrying a sheet of paper with all of your passwords written down (something you should never do!) or keeping a file with your passwords written down in your mobile device, you can leave it to a password manager. Such a tool will sync all of your passwords across different devices, and you will not have to worry that you cannot access a particular device.

What’s more, password managers are also rather good at recognizing fake websites, and that is EXTREMELY important when it comes to battling phishing attacks. Let’s talk about one recent example, shall we?

Back in April, cyber criminals hacked into the MyEtherWallet service through an infected server. MyEtherWallet is a cryptocurrency service that can be accessed via a web browser. The criminals basically redirected unsuspecting users into a phishing page that looked like the regular interface, and the moment the hackers got the hold of users’ credentials, they flushed more than $150,000 in cryptocurrency. We believe that most of the users did not consider generating MyEtherWallet password with a password manager.

Now, had users generated MyEtherWallet password with a password generator, it is very likely that the password manager would have alerted them about the fake website. Not to mention that users probably had to go through the security notifications before they accessed the fake website. The bottom line is that a password manager is a good way to avoid such attacks. And we can expect users from now on to generate MyEtherWallet passwords to improve the overall security levels. Especially as the service is very eager to remind that they are not a bank.

Are There Any Drawbacks?

Just like anything in this world, password managers have some disadvantages as well. While they can help users avoid phishing scams, the managers might be susceptible to such attacks themselves. What’s more, you usually need to make a master password that keeps all the other passwords under the same umbrella. And you cannot FORGET the master password because it cannot be retrieved. In other words, you cannot use the password generator to create the main password. Security experts suggest coming up with something memorable, but not too weak.

Browser-based password managers may not sync across different devices, especially if they run on different operating systems. Hence, this is where a standalone password manager might be more useful. It would give you more control over your data, but here the importance of the master password would soar up, and you should do everything you can to avoid losing it.

Finally, it might not be possible to use password managers everywhere. Say, cryptocurrency users can easily generate MyEtherWallet passwords, or passwords for any other service. But the NCSC points out that not all banks might support password manager use. So here we come back to our main question.

Is it safe to generate a password for online banking account using a password manager? Yes. It is generally safe, and it saves you a lot of trouble. However, you have to check your online banking agreement or address your bank directly to see whether they allow and support the use of password managers. If your bank does not support it and you get hacked and robbed, the insurance may not cover your losses. Therefore, double-check before employing the service!

June 25, 2018

Leave a Reply