Most security experts would recommend not using the same password across multiple websites, especially those used on sensitive financial information, but a new study is showing that the majority of Internet users are ignoring that advice.
Security researcher Trusteer reported that 7
3 percent of bank customers use their banking password on multiple websites.
Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites, aid Amit Klein, CTO of Trusteer
When consumers use the same password across multiple sites, hacking becomes trivial.
Hacking into a bank application or can be a complex task due to the various layers of security, hacking into a social network is much easier.
If a criminal breaks into a smaller website with weak security, they could easily take those passwords to the bank sites.
The report also found that when a bank permits users to pick their own user ID, 65 per cent will re-use this username with a non-financial website, a figure that drops to 45 per cent even if a bank chooses the user ID for its customers.
Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users re-purpose their financial service usernames and passwords, explained Klein.
Trusteer's research is based on statistics gathered over a 12 month period from Rapport plug-ins running on more than 4 million computers.
The firm advised consumers to keep at least three sets of credentials: one that's only used with financial websites, the second for websites that hold information about a user's identity, and the third set for other less sensitive websites.