HSBC has announced that it plans to encourage users to change their banking security password.

Announcing via its messaging service on the personal internet banking section of its website, it asked users to ‘please change your security number'. It said: “As part of our long term commitment to keeping you safe we are contacting customers who have not changed their personal security number for over a year to help you maintain the maximum possible security of your personal information.

“Despite HSBC's extremely sophisticated defences against fraudsters, we know that simple things like changing passwords and security numbers from time to time give added protection. Regularly updating your personal security number will help keep your account details secure and ensure they are only known to you.”

Kevin Bocek, director of product marketing at IronKey, said: “It is a sign of the times that what stands between a bank account and cyber criminals is six characters and institutions are looking at ways beyond that and to manage security for their clients.”

Asked if banks should join the 21st century and offer one-time passwords and two-factor authentication for the login process, Bocek said: “That is where we should be with internet banking. This was developed ten years ago and there is a need for change not only with technology, but to improve the entire experience. We are at a new stage and we looking at it from a security perspective and it has got to be more than authenticating the user.”

Stephen Howes, CEO of GrIDsure, said: “Once again the banks are putting the burden of security on the poor old end-user who is being asked time and time again to provide login details for just about everything that they do on the web. Not only do they have to try and remember which userID they used for which account they are more often being asked for a unique and complex passcode which they don't have any hope of remembering, then to add insult to injury you are then expected to change it regularly.

“To make the process even more ludicrous so many sites nowadays have a link just below the password field that says ‘Forgot password?' How ironic is that! It is time for the poor beleaguered public to shout ‘stop' and demand better security without added complexity and inconvenience. It is time that organisations stopped for a moment and thought about who they are trying to protect and serve, is it themselves or their customers?”