Several major banks don’t use case-sensitive passwords.
It turns out several leading US banks do not require case-sensitive passwords, which could make it easier for someone to access your account.
A thread on Reddit on Friday pointed out that Wells Fargo, the third-largest bank in the US, doesn’t require its customers to enter a case-sensitive password. Other users confirmed the issue, and customers of other banks began checking their own accounts, noting that Wells Fargo isn’t the only banking giant to follow such a policy.
“Length [of passwords] trumps any other password parameters,” he said.
He gave an example: The number five, typed out 248 times. “In most cases [it’s] a good password, but most systems won’t accept you trying to use it,” he said.
In other words, a lack of case sensitivity is not necessarily a bad thing on its own, but combining it with other weak password requirements could lead to serious problems.
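As an added illustration of the length-versus-case trade-off described above (not part of the original article), this Python sketch compares brute-force search spaces with and without case sensitivity. It assumes uniformly random passwords drawn from ASCII letters and digits; the character set and function names are assumptions, not any bank's actual policy.

```python
import math
import string

# Assumption: passwords are uniformly random over ASCII letters and digits.
# Human-chosen passwords are far more predictable than this model suggests.

def alphabet_size(case_sensitive: bool, symbols: int = 0) -> int:
    """Distinct characters a guesser must consider per position."""
    letters = len(string.ascii_lowercase)           # 26
    if case_sensitive:
        letters += len(string.ascii_uppercase)      # 'a' and 'A' now differ
    return letters + len(string.digits) + symbols

def search_space(length: int, size: int) -> int:
    """Exact count of candidate passwords of this length (integer math)."""
    return size ** length

def bits(length: int, size: int) -> float:
    """Search space expressed in bits."""
    return length * math.log2(size)

def length_to_match(length: int, from_size: int, to_size: int) -> int:
    """Shortest length over `to_size` characters whose search space is at
    least that of `length` characters over `from_size` characters."""
    target = search_space(length, from_size)
    n = 0
    while search_space(n, to_size) < target:
        n += 1
    return n

def report(lengths=(8, 12, 16)):
    """Rows of (length, case-sensitive bits, case-insensitive bits,
    case-insensitive length needed to compensate)."""
    cs, ci = alphabet_size(True), alphabet_size(False)
    return [
        (n, round(bits(n, cs), 1), round(bits(n, ci), 1),
         length_to_match(n, cs, ci))
        for n in lengths
    ]

if __name__ == "__main__":
    print("len  case-sens bits  case-insens bits  insens len to match")
    for n, b_cs, b_ci, need in report():
        print(f"{n:>3}  {b_cs:>14}  {b_ci:>16}  {need:>19}")
```

Under this model, two or three extra characters offset the loss of case sensitivity, which is why a short maximum length matters more than case folding.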
There are a number of theories about why banks in particular still use case-insensitive passwords. The most common one is that many older banks run decades-old back-end systems, which in many cases don’t support case-sensitive passwords.
On the bright side, most banks — including Chase and Capital One — allow two-step security, so even if someone has your password, they still need to jump through several other hoops in order to log into your online bank accounts.
If you haven’t set up two-step already, now might be a good time.