Skip to content

Requirements for Changing Online Passwords

Answered by: 

Question: 
Our examiners made the bank change customers passwords to expire on online banking every 60 days. Of course, customers do not like this. Can you tell me what the requirements are on this?
Answer: 

I cannot tell you where customers are required to change passwords with this frequency and that is a question for the examiner's stating it is a requirement.

The FFIEC guidance requiring the periodic change of passwords applies to the bankers, not the customers. While we may all agree it is a good practice to change passwords, when they change this frequently and if you also prohibit re-use of passwords, your customers are more likely to write them down - which doesn't help many security issues, or to drop your bank because an occasional user is more likely to get locked out regularly having forgotten the password.

First published on 06/21/2020

Filed under: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics