Recently it was revealed that the most popular password for online sites is ‘123456.’ Not exactly Dan Brown-level cryptography. Even more eye-opening is that consumers aren’t even careful with the stuff that’s really vulnerable – their bank passwords. Seventy-three percent of people reuse their bank passwords on other, nonfinancial sites, according to online security firm Trusteer (PDF). Forty-seven percent use both their banking password and user ID on nonfinancial sites. This just makes it too easy for criminals, who can hack into less-secure sites like email or social networks to get bank passwords or other sensitive information. While some institutions try to increase users’ protection by choosing unique IDs for them, 42 percent of those users end up using that unique ID with at least one nonfinancial site. Sixty-five percent of users who create their own unique user name use that name on at least one nonfinancial site.
For users, Trusteer recommends using three sets of IDs and passwords: one used only for financial websites, a second for nonfinancial sensitive websites that hold confidential user information, and a third for non-sensitive sites that do not keep confidential information.
“Criminals have devised various methods to steal login credentials from less secure websites, which they then test out on financial services websites,” the report says. “As a result, users are exposed to account hijacking risks which can lead to fraud.”
As I’ve written before, I get the feeling that for many users passwords and IDs are becoming less a measure of safety and just another obstacle in the path to content (I know I’m trending this way). Maybe we’ve gotten to the point that our online security methods have become dated and need to change. You don’t use a secret knock to get into your house. Why do we use one with our online lives?