Poor password behaviour beating banking security

[nsane.forums]

Report finds massive re-use of passwords

A report (PDF) into the security of banking internet systems has found that one of the biggest problems faced is the reuse of login passwords by customers.

Online security firm Trusteer monitored over four million computers for a year and found that 73 per cent of internet banking customers used the same password for their online banking services as they did for other, less secure sites.

"Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords," said Amit Klein, chief technical officer of Trusteer and head of the company's research organization.

"Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites."

The report found that with banking web sites that allowed users to choose their own User IDs almost two thirds of users used the same ID for other sites. Where they were allocated an ID by the bank this fell to less than half.

In addition nearly half of people used both their user ID and password for a non-financial web site.

The use of single passwords for multiple sites raises serious security risks, since if a hacker can get one password from a less-secure web site, by a "brute force’ dictionary attack for example, there is a good chance it can be used on other sites.

View: Original Article