Even staunch believers in technology have had at least one unsettling thought about net banking, or a sleepless moment in the middle of the night that started with 'what if'.
Yet another pain point for online banking customers was recently highlighted by photographer and chef Madhu Menon on his social media account. "Kotak Bank has a new Netbanking interface for all of its users. But the new interface does not support password managers or password pasting. I won't use it. It's an asinine design decision," he says in the post, which continues, "You want people to reuse passwords? GAH! My passwords look like this 6&uEsN@7Cspci5^UAR*g."
The thread continues, "And if Kotak makes this design the default interface, I will immediately move my business elsewhere. This kind of thing would just be too painful for me to use. I'm not about to start using a password from elsewhere." But why, you might ask, is disabling password pasting bad?
Password managers and password pasting
So what is password pasting and what are password managers? More importantly, why is disabling password pasting a bad thing?
Password managers generate strong passwords (the kinds that typically can't be generated by users themselves), store them securely and then automatically paste them into password fields whenever users need to log in.
There's been a lot of debate and noise over password pasting in the recent past.
A lot of websites prevent pasting passwords. The most often cited reason is security. In fact, the UK's National Cyber Security Centre has said that stopping password pasting reduces security. Why? Because users will then invariably come up with passwords like "Brian1997", which can't be a good thing, right?
Never reuse passwords. Ever.
The thread goes on to say that reusing passwords, where the password used for one login on a site is used again for some other login, is the worst thing. "Because websites are regularly breached. Passwords and hashes dumped in the open. If you use the same password for your bank as you used on example.com and that's potentially breached, somebody potentially has a login they could try on your bank."
Remember, the only secure password is the one you can't remember
Even if one were to not reuse passwords and use a different one for each login, what is the probability one would come up with a password like S7Ca#2*ZnY&8^bNvXnahL? Next to nil. The password manager remembers this password for the user, and since it is stored encrypted, that takes care of the security issue. The user just has to remember one master password to unlock their vault of safe and secure passwords.
Disabling password pasting means…
Someone somewhere is coming up with passwords like "godbless2020". How secure can that be? What's the way out? Signing in through OTP, yes. Or maybe breaking a phrase down into words, as in "what_ever_will_be_will_be". Both the ideas and the debates are open.
But certain banks' decision to disable pasting of passwords only encourages users to reuse passwords. No one wishes to create a new password every time they try to log in or, worse, get the account blocked after multiple failed attempts.