Password pushovers, your name is legion. You know who you are. And so, according to a Web security company, do those who have no business in your business!
Virtual cop Trusteer says 73 percent of bank customers use their online account password to access other Web sites, and 47 percent use both their online banking user identification and password to login elsewhere on the Internet.
These findings are based on a sample of more than 4 million users of the Trusteer’s Rapport browser security service, many of whom are customers of leading North American and European banks.
The sloppy care of passwords and user IDs is making it profitable for Internet bandits to prowl for login credentials from less secure sources, such as Web mail and social network sites, Trusteer says. Once acquired, these usernames and passwords are tested on financial services sites to commit fraud.
“Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords," said Trusteer executive Amit Klein, head of the company’s research organization. "Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple Web sites."
The company recommends that consumers create three sets of credentials:
1. A set for financial Web sites only
2. A set for nonfinancial, but sensitive, sites
3. A set for nonconfidential sites.
For most, remembering a user identification is easy. It’s the password that creates problems. Microsoft Online Safety recommends having passwords of 14 characters created by using the whole keyboard.
For more advice, go to microsoft.com/protect/fraud/passwords. (Click here to connect.)