February 03, 2010
Two thirds of internet users reuse online banking credentials – research
Incredible! Given the amount of press coverage devoted to phishing, trojans, and other means of online banking fraud, you might expect customers to be sensitive to account security issues. It appears human nature overrides security considerations.
What can we learn from the research that we can apply to safe web surfing?
- Create diversity in your online credentials. Do not reuse sensitive credentials across multiple sites, and particularly not on non-sensitive sites (e.g. using your online banking credentials for social sites or web mail).
- Maintain diversity between sensitive credentials. Do not use the same password across multiple transactional sites (banking, shopping sites, etc.).
- Protect both the User ID and the password for sensitive credentials.
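The three rules above can be checked mechanically against your own list of accounts. The following is an added example, not part of the original post or the cited research: the account list, the site names, the category labels and the choice of "banking" and "shopping" as the sensitive categories are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample inventory: (site, category, user_id, password). All values are made up.
ACCOUNTS = [
    ("examplebank.test", "banking", "jdoe1975", "Tr1cky-Horse"),
    ("shop.test", "shopping", "jdoe@mail.test", "Tr1cky-Horse"),
    ("social.test", "social", "jdoe1975", "Tr1cky-Horse"),
    ("webmail.test", "webmail", "jdoe@mail.test", "sunny-day-42"),
    ("broker.test", "banking", "jd-77123", "c0rrect-Battery"),
]
SENSITIVE = {"banking", "shopping"}  # assumption: these are the "transactional" categories

# What counts as "the same credential" for each check.
CHECKS = [
    ("password", lambda user, pw: pw),
    ("user ID", lambda user, pw: user.lower()),
    ("user ID + password", lambda user, pw: user.lower() + "\0" + pw),
]

def reuse_groups(accounts, key_fn):
    """Return lists of (site, category) that share a value, grouped by keyed digest
    so the grouping structure never holds the secrets themselves."""
    salt = os.urandom(16)
    groups = defaultdict(list)
    for site, category, user, pw in accounts:
        digest = hmac.new(salt, key_fn(user, pw).encode(), hashlib.sha256).digest()
        groups[digest].append((site, category))
    return [g for g in groups.values() if len(g) > 1]

def audit(accounts):
    """Return findings as (what, problem, sensitive_sites, other_sites)."""
    findings = []
    for what, key_fn in CHECKS:
        for group in reuse_groups(accounts, key_fn):
            sensitive = sorted(s for s, c in group if c in SENSITIVE)
            other = sorted(s for s, c in group if c not in SENSITIVE)
            if sensitive and other:
                findings.append((what, "reused on non-sensitive site", sensitive, other))
            if len(sensitive) > 1:
                findings.append((what, "shared between transactional sites", sensitive, []))
    return findings

if __name__ == "__main__":
    for what, problem, sensitive, other in audit(ACCOUNTS):
        print(f"{what}: {problem}: {', '.join(sensitive + other)}")
```

Reuse that stays entirely among non-sensitive sites is deliberately not reported, since the rules above concern sensitive credentials.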
Here are a few details from an article on this research:
- "... 73 percent of bank customers use their online account password to access other websites, and that 47 percent use both their online banking user ID and password to login elsewhere on the internet."
- "... this widespread reuse of online banking credentials is being exploited by criminals who have devised various methods to harvest login credentials from less secure sources, such as webmail and social network websites. Once acquired, these usernames and passwords are tested on financial services sites to commit fraud."
- "... when a bank allows users to choose their own user ID, 65 percent of users share this ID with nonfinancial websites."
- "... when a bank chooses the user ID for its customers, 42 percent of customers use the bank issued user ID with at least one other website."