FNB has been the subject of its customer’s ire this week after it implemented a measure on its website that prevented users from copying and pasting their passwords into the required fields.

This also resulted in password managers being ineffective forcing folks to type in passwords manually.

In the eyes of FNB people having passwords stored in their browser or password manager was a security risk for customers, so the bank tried to, erm, stop folks from using these tools for their banking, we suppose.

The bank said that because passwords are stored in a browser or accessible through a device via a password manager and this presented a risk should those devices be stolen.

“We have found that a number of our customers save their banking passwords to their browsers. This places customers with stolen or unattended devices at considerable risk. As a consequence, we strongly discourage customers from storing their banking passwords in their browsers,” said FNB’s Head of Digital Banking, Giuseppe Virgillito.

Customers weren’t having any of it though and before long there were ways to circumvent FNB’s security measures. This included outright blocking JavaScript on the FNB website to allow folks to copy and paste their password or have a password manager auto-fill it.

This seemingly forced FNB to backtrack its decision.

“We note with concern the recommendation to install unauthorised software and browser extensions by some users in a bid to circumvent the auto-filling of passwords. The use of this type of software for your banking is strongly discouraged as it places the user at a high risk of introducing malicious software onto their device. Alternatively, it also places users at an increased risk of phishing. As a consequence, hereof, we have decided to revisit the decision to prevent auto-filling of passwords at this time,” said Virgillito.

While we appreciate FNB’s concern for its customers preventing folks from using auto-fill features is bad news. We say this because password managers making managing multiple, strong passwords simple. We use password managers at Hypertext and it means we don’t have to remember 16 character passwords with letters, numbers and special characters. Not having a password manager would mean we’d have to record these details somehow and we aren’t up to the task of building an encrypted storage service that integrates with most browsers and smartphones.

“Decisions regarding security must protect all our customers, in particular the vulnerable. We would like to thank our customers in the technology space for their valued contribution and robust engagement in this matter,” concluded Virgillito.