Banking group FNB says it is revisiting its decision to prevent online banking customers from using auto-fill for their passwords, after users sought out third-party avenues to bypass the limitation.
The group recently implemented the new security measure for its internet banking website, where customers are no longer able to save their online banking password in-browser, or have it auto complete through form fillers.
However, the move was met with backlash from inconvenienced clients, who argued that the measure would make their banking profiles less secure as it also blocked services like password vaults and managers.
Clients who use passwords generated by password vaults and managers have complained that they had to revert back to easy-to-remember passwords – replacing the highly secure passwords generated by these systems (which are often random strings of characters, numbers and symbols that are near-impossible to brute force).
Other clients moved to install browser extensions or third-party software to bypass the restrictions imposed by the bank.
Responding to the feedback, Giuseppe Virgillito, head of digital banking at FNB said that the bank would revisit its decision, stressing that installing unauthorised third-party software and browser extensions to bypass the auto-fill restrictions was a very bad idea.
“The use of this type of software for your banking is strongly discouraged as it places the user at a high risk of introducing malicious software onto their device. Alternatively, it also places users at an increased risk of phishing.
“As a consequence, hereof, we have decided to revisit the decision to prevent auto-filling of passwords at this time.”
Virgillito said that the policy was implemented because the group had found that many of its customers were saving passwords in their browsers, which was placing them at risk. This was particularly the case with stolen or unattended devices.
“As a consequence, we strongly discourage customers from storing their banking passwords in their browsers,” he said.
He added that the bank recognises the value of password managers – and doesn’t discourage their use – but needs customers to be aware of the vulnerabilities of storing important passwords on devices or in the cloud.
“Customers need to be aware that should their device be stolen or accessed without their permission, a user who gains access to their cloud storage or password saved on the device will be able to login to their banking and perform transactions. The security and privacy of our customers banking and login information is of paramount importance to us.”
“Decisions regarding security must protect all our customers, in particular the vulnerable. We would like to thank our customers in the technology space for their valued contribution and robust engagement in this matter.”