ASB online banking 'quirk' raises password safety issues

NZME.

30 Oct, 2015 06:22 AM2 mins to read

The situation allowed some ASB online banking customers to add any text after old passwords, which were not case-sensitive, and still log in. Photo / Getty Images

An online banking quirk had some customers in a flap about local online banking services this morning.

The situation allowed some ASB online banking customers to add any text after old passwords, which were not case-sensitive, and still log in.

The issue was raised on social media this morning.

Some Reddit website users felt it was a serious security concern, and were outraged.

Others said although password security could perhaps be better, it was ultimately not a security risk.

"This 'quirk' discussed on Reddit is not a surprise," a spokeswoman for the bank said this afternoon.

"It is also not a security concern as ASB maintains multiple layers of security within our digital channels to protect our customers."

ASB said it improved its password system in May, to let customers choose passwords longer than 8 characters.

The new system had "increased complexity including case-sensitivity," the spokeswoman added.

"This change also introduced a real-time password strength meter to help customers when they select a new password."

The quirk only applied to eight-character passwords created before May 23.

"Customers can choose to change and increase the complexity of their password at any time from the My Settings menu at the top right of FastNet Classic," she added.

"As part of good security practice ASB continues to recommend that customers change their password regularly or immediately if they have any concerns it may have compromised."

Netsafe executive director Martin Coker told NZME News Service it was an unusual situation but not a security risk.

This, Mr Coker said, was because if users had a strong password, it'd be no easier for someone to sneak into their online banking account.