Why Plain Old Passwords Are Outdated, Weak, and Flimsy

Banks of a bygone era used to be sealed behind physical iron bars and wire cages. Compare that to today, where people are now able to shift large swathes of money online through smart devices that are accessible from virtually anywhere in the world. While online and mobile banking have no doubt made banking more convenient, the inconvenient truth is that they've also made banking less secure.

The act of accessing and infiltrating bank accounts has become much easier now that the points of access are literally right at our fingertips. Unfortunately, banks that only use the thin veneer of password protection are becoming more vulnerable than ever.

According to Panda Security: 80% of hacking-related breaches in 2020 were linked to passwords. According to IBM: in 2020 alone, data breaches cost companies an average of $3.86 million.

Simply put, passwords are flimsy because they are outdated.

Sure, passwords served us well in the past, but that was during a time when we could not even fathom the concept of conducting business and managing our personal lives online. With more data and assets stored online than ever before, passwords can no longer protect us. Continuing to padlock sensitive databases and bank accounts with only a password is akin to securing gold vaults with cable ties.

The evidence is clear: passwords need a system upgrade

One reason passwords are so weak is that there are simply too many of them to remember.

Research has shown that users go through approximately ten passwords a day, and forget about three per month.

This leads to password fatigue—a phenomenon where users store their passwords in careless ways that make it easy for people with malicious intent to fish for them. Poor password storage practices include recycling of passwords across various platforms, or recording them on sticky notes or unsecured files on personal devices.

Barring a complete overhaul of the digital ecosystem, there is little that we can do to relieve users of password fatigue since online banking websites will continue to request passwords for the sake of security. What we can do to circumvent weak passwords is to create an additional layer of security that blocks unauthorized users—regardless of whether or not they have access to a user’s password.

The day to implement SMS OTP was yesterday

Enter SMS One-Time Password (SMS OTP), a form of two-factor authentication (2FA). It provides additional security safeguards by randomly generating single-use passwords that are sent to a user’s phone. Users need to enter these additional passwords within a certain amount of time in order to access their online banking account.

SMS OTPs typically have a short lifespan that lasts anywhere from 120 to 360 seconds. This time limit protects users because the OTP can no longer be used once it expires. An OTP that leaks out through neglect or infiltration is therefore useless after its lifespan has passed.

Sounds great—but why does online banking require OTP?

While physical banks still exist, online banking has been growing in popularity. In McKinsey’s Asia Personal Financial Services (PFS) survey 2018, it was revealed that since the previous survey in 2014, digital banking penetration has grown 1.5 to 3 times in emerging Asia with a median of 52%. The median for developed Asian markets is a staggering ~97%.

Since 2018, the proliferation of online banking has only been accelerated by the COVID-19 pandemic, which made electronic payments a necessity in order to ensure that people remain socially distanced.

The problem is: it’s very common for online banking users to utilise unsecured networks to make one-off online payments. This is more likely to happen when personal networks are down, or when users are in areas where they have no access to verified networks. Hackers and infiltrators prey on such moments of negligence, and that’s where SMS OTPs come in handy.

As these OTPs are delivered through SMS using telco systems rather than the internet, OTPs remain outside of the realm of unsecured networks, keeping the final key to online bank accounts out of the reach of hackers.

Introducing 8x8’s SMS OTP solution

Written with just a few lines of code, 8x8’s SMS OTP solution can be easily integrated into most online banking systems. It has been optimized to match Asia’s complex network environment, allowing it to perform at high speeds from almost anywhere in the world. This means that users will experience minimal delays and lag times between the moment they enter their password and when they receive the OTP.

Our banking clients utilize SMS OTP to:

  • Validate account creation
  • Secure important transactions
  • Curb promotion abuse

With global banking and cross-border transaction volumes at an all-time high, 8x8 also values the importance of keeping systems running around the clock. Not only does our solution have high-quality routing, automated fallbacks, redundancy assurance (thanks to a strong network of telco partnerships), and prioritization of time-sensitive traffic, we also provide round-the-clock email support, so that system errors can be remedied within the shortest time possible.

Security and efficiency aside, 8x8’s SMS solutions can elevate your customers' online banking experience at multiple points within their banking journey. Find out more about the benefits of 8x8’s SMS solution.

Voice OTPs: the inclusive online bank security solution

8x8’s SMS OTP solution also goes above the basic 2FA structure to enable OTPs to be read out loud to listeners. Aside from helping people on-the-go, voice OTP ensures tech inclusivity as it extends the benefits of enhanced 2FA security to visually impaired users, and to those with low literacy levels, including individuals with dyslexia. Read more about the importance of tech inclusion.

A major advantage of voice OTP is that it leaves no paper trail for hackers to copy, meaning that the 120 to 360 second window period for hackers to intercept SMS OTPs is effectively taken away.

Security aside, businesses can also utilize 8x8’s Voice API to deliver highly personalized marketing offers, alerts, reminders, and notifications via voice messages. This helps companies expand their reach, as not only does voice help the visually impaired, but it’s the only channel that can reach landline phone customers. Read more about the power of voice in an online world.

Online banking security: more options than ever are available

With online banking numbers expected to grow in the future, it’s more important than ever for the banking industry to reassess their security protocols. Adding a second method of confirming user identity is the obvious first step, but the benefits of voice OTPs should not be overlooked.

There is also a host of other benefits to deploying SMS and Voice OTPs. SMS has proven to have the highest open rates at 98%, and therefore it can, and should, be utilised across your users' entire banking journey to enhance their experience.

In what’s been dubbed “the new normal,” banks are racing to launch new initiatives, attract new audiences, and most importantly, retain existing customers. Therefore, mitigating mobile banking app security risks and boosting customer satisfaction should be at the top of your boardroom agenda. To find out more about how 8x8’s solutions can help you achieve that, contact us at hello-cpaas@8x8.com.