Written by: Contributor | Best Company Editorial Team
Last Updated: April 13th, 2020
These days, you can't be too careful when it comes to protecting your financial information online. Hackers, ID thieves, malware, and other entities of malicious intent are constantly striving to gain access to sensitive information, be it your login info, bank routing number, credit card data, or your Social Security Number. Consequently, many (but not all) expense tracking providers - particularly those that integrate with your bank account - have made it a priority to provide their users with the best security encryption available. Some of them even boast that they're using "bank-level" security protocol. They throw around numbers like 128, 256, or 2048, and acronyms like SSL, AES, and PCI. But what does it all really mean? And how does it protect your money and your identity?
What Banks Really Use
In the age of online transactions, banks are working hard to provide their clients with the best security protocol available. This extends beyond the simple username/password and security questions you see on your bank's homepage. Banks also employ firewall software as a first line of defense against unauthorized entry, and they are continually updating this software to stay ahead of viruses and identity thieves. In addition to these security measures, banks also implement a certain level of encryption over all of your digital files and online transactions. This essentially encodes all of your information in a way that prevents hackers from easily accessing or deciphering your data.
The standard level of encryption for banks has been identified as 256-bit AES or Advanced Encryption Standard.
128-Bit vs 256-Bit Encryption
But while the standard for all banks is to use 256-bit encryption, some companies elect to use either 256-bit, or 128-bit, and this provokes two big questions:
- Is there a real difference between the two?
- If so, why on earth would companies use only half the encryptions that banks use?
To speak to the first question: yes. 256-bit is exponentially larger than 128-bit. The 256 actually represents the number 2256 an incredibly vast number that lists the possible encryption combinations your financial data has been encoded with. That being said, 128-bit (or 2128) isn't exactly pocket change. It represents approximately 340 undecillion (that's 340 followed by 36 zeros) possible encryption combinations that hackers would have to sort through in order to decrypt your information. In other words, if your expense tracking company is using "only" 128-bit encryption, you're data is completely safe.
So, you might be asking, if 128-bit encryption is sufficient enough to keep my financial information safe, then why do some companies spend the resources to enforce the 256-bit version? Well, part of the reason is for marketing; i.e., if you are choosing between two expense tracking companies, and one of them uses 256-bit while the other uses 128-bit, chances are you'll want to go with the the 256-bit company, because "more is better." Not to say that 256-bit encryption offers no added benefits whatsoever. Using 256-bit encryption is exponentially more difficult for password guessing programs because it routes intruders through a convoluted chain of near-infinite possibilities.
When it comes to choosing a company to help you keep track of your expenses, should the 128-bit encryption be a dealbreaker? Definitely not! But if it's really that important to you, you can rest assured that more and more companies are now adopting the 256-bit key to drive their encryption processes. And most of the businesses still running 128-bit run regular security scans over their software. Remember, when it comes to AES encryption, it's not a matter "good versus bad," but more a matter of "excellence versus excellence (plus added peace of mind)."