Three quarters of people reuse bank password
By Barry Collins
Posted on 2 Feb 2010 at 11:16
Almost three quarters of people reuse their online banking password on other sites, according to new research.
Security services firm, Trusteer, claims that 73% of people use their online banking password on other non-financial websites. Almost half (47%) use both their bank login and password on other websites.
Trusteer collected the data using its Rapport browser-security software, which warns user when they attempt to reuse their online banking credentials on other websites. The study was based on a sample of four million users and conducted over the course of a year.
Hacking a bank's database is impossible, probably. Hacking a grocery store's website is a physical target for fraudsters to go after.
Reusing bank logins and passwords is poor security practice, potentially allowing hackers to break into bank accounts after hacking other websites or services, such as webmail accounts or instant messaging.
"Fraudsters go after the weakest link," Amit Klein, chief technology officer at Trusteer, told PC Pro. "When you share banking credentials with a less secure site, that site becomes the weakest link."
"Banks do have a lot of security measures," he added. "Hacking a bank's database is impossible, probably. Hacking a grocery store's website is a physical target for fraudsters to go after."
Klein said banks are increasingly relying on more than login and passwords to validate visitors to their sites, but claims it would be futile for banks to issue their own logins and passwords to avert the risk of customers reusing existing credentials. "Users would use the bank-issued ID on other sites," he claimed.
From around the web
WHAT!
What in the hell is Trusteer collecting the data using its Rapport browser-security software for?
By TheGMan on 2 Feb 2010 
I am so glad that I use a password manager. I now have more than 120 passwords none of which I can remember, as they are all 20 digit randomly generated, and all different from each other. Before that I had only a few which meant that I was at risk.
By Amnesia10 on 2 Feb 2010
@ TheGMan
One presumes the company was simply counting the amount of people that were issued a security warning by their software, rather than actually looking at their passwords.
By Mark_Thompson on 2 Feb 2010
@Mark_Thompson
If Trusteer are only counting the number of warning msgs issued, then how do they know that users are entering a bank related pswd into a non-financial site?
By emteec on 3 Feb 2010
@Amnesia10
What happens when your password manager is hacked?
By monged on 4 Feb 2010
Re-use Bank Passwords
All the Banks I use have at least two levels of security and the passwords are entirely numeric, which tend not to be used elsewhere, so I don't quite see the problem!?
By dgkelly1 on 4 Feb 2010
For a secure password manager look at IronKey
By Chrisandrea69 on 4 Feb 2010
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk