Nedbank confirmed that it has disabled the ability for users to copy-and-paste their username and password into the bank’s login portal.
A reader alerted MyBroadband to the fact that they could no longer copy-and-paste their details onto the Nedbank website.
According to the reader, this has been the case since Nedbank updated its online banking website.
Nedbank’s Head of Digital Channels Tawanda Chatikobo said that the move is temporary, and was done with customer security in mind.
“Nedbank has temporarily disabled password autofill and copy and paste capabilities on its Online Banking platforms. This is to allow us to resolve potential security vulnerabilities, and to ensure there is no negative impact on clients,” said Chatikobo.
“The temporary disablement is being done with customers in mind, to ensure Nedbank’s platforms remain secure and trustworthy at all times.”
Chatikobo did not say how long the measure would be in place.
Controversy around autofill and password managers
Nedbank is not the first South African bank to disable copy-and-paste password managers on their website.
FNB controversially blocked these password managers in August, claiming that the decision was made to ensure that users’ passwords remained secure.
“All stored passwords on your device can be viewed during a malware attack. Passwords can be easily accessed on your unattended/unlocked/stolen device,” said FNB.
Prominent security experts such as “Have I Been Pwned?” creator Troy Hunt were heavily critical of FNB’s decision, saying that it negatively affected user security.
This is because users would be forced to use simpler passwords which they can remember, which makes it exponentially easier for hackers to crack their credentials.
“We note with concern the recommendation to install unauthorised software and browser extensions by some users in a bid to circumvent the auto-filling of passwords,” said FNB head of digital banking Giuseppe Virgillito.
“The use of this type of software for your banking is strongly discouraged as it places the user at a high risk of introducing malicious software onto their device.”
“Alternatively, it also places users at an increased risk of phishing. As a consequence, hereof, we have decided to revisit the decision to prevent auto-filling of passwords at this time,” said Virgillito.